Jared Heinrichs

  • Technology Blog
  • Winnipeg Computer Repair
  • Winnipeg Photographer
  • Cooking With Jared
You are here: Home / Operating System / Active Directory (2003) / How to setup Active Directory auditing

Sep 13, 2010 By Jared Heinrichs Leave a Comment

How to setup Active Directory auditing

There are many reasons to setup Active Directory Auditing. The most common reason is to track changes to user/computer accounts in Active Directory. There are two things you have to do in order to setup Active Directory auditing.

  1. You have to enable Auditing Policy (specifically Audit Directory Service) on either the domain Controller Policy or the Default Domain Policy. I recommend the Domain Controller Policy.
  2. You have to turn on Auditing component on the Object(s) you want to audit.

How to setup/Enable Audit Directory Service

Here are the steps to Enable the Audit Directory Service.

  1. Right click the Domain Controller Policy. Select. “Edit…”
  2. Go to “Computer Configuration” – “Windows Settings” – “Security Settings” – “Local Policies” – “Audit Policy”
  3. Double click “Audit Directory Service Access”
  4. All the boxes should be selected. ie. “Define these policy settins”. Audit These attempts “Success” & “Failure”.

How to turn on Auditing on specific Active Directory Objects

Here are the steps to turn on Auditing on AD obejcts:

  1. Open Active Directory Users and Computers
  2. Go to View and make sure “Show advance features” is enabled.
  3. Right click “Base OU” where you want to audit and hit Properties.
  4. Click on Security Tab”. (If you don’t see this go back to step #2)
  5. Click “Advanced” button near the bottom of the Window.
  6. Click on “Auditing” tab in the new Window.
  7. Click on “Add..” button
  8. Select “Authenticated Users” group
  9. Check off Successful and Failed for the Write all Properties. Make sure that “This object and all descendant objects” is selected.
  10. Click “Ok”
  11. Click “Ok”

How to View Active Directory Auditing Logs

Now that you’ve set this up you might be wondering “Where do I go to see all this auditing now? If you did you would have asked a really good question.

To view the Active Directory Auditing logs you need to open “Server Manager” – “Diagnostics” – “Windows Logs” – “Security”

  • 4726 Message – This code is for deleting a user account. The user who did it will also be logged.
  • 4720 Message – This code is for creating a user account. The user who did it will also be logged.

You might want to try and filter the events based on these messages.

Filed Under: Active Directory (2003) Tagged With: How To

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Categories

  • Board Game Rules
  • Camera
  • Computer Hardware
    • Blackberry
    • drivers
    • iPad
    • Magic Jack
    • USB
  • Damn Small Linux
  • Exam Notes
  • Facebook
  • FREE Flashcards
  • Games
    • PC
      • League of Legends
    • Wii
    • xbox 360
  • Music
  • Networking
    • Cisco Certification
    • Mitel
    • Palo Alto Firewall
  • News
    • Google
    • Microsoft
  • Operating System
    • Active Directory (2003)
    • Android
    • Command Prompt
    • Damn Small Linux
    • Group Policy
    • Hyper-V
    • IIS
    • ISA 2006
    • Mac OS X
    • Microsoft Exchange Server
    • Powershell
    • Security
    • SME Server
    • Terminal Server 2003
    • Ubuntu Linux
      • Adito Web SSL VPN
      • OpenVpn-als
      • Webmin
    • Virtual Machine Manager
    • Windows 2003 SBS
    • Windows 2003 Server
    • Windows 2008
    • Windows 2008 R2
    • Windows 2012R2
    • Windows 7
    • Windows 8
    • Windows Command Line
    • Windows Deployment Services
    • Windows Server Backup
    • Windows Vista
    • Windows XP
  • Phones
  • Photography
  • Photos
    • Animals
    • Misc
    • Nature
    • Portraits
  • Portfolio
  • Programming
    • CSS
    • HTML
    • jQuery
    • MySQL
    • PHP
    • Script
  • Programs
    • Acrobat
    • Acrobat Reader
    • Adobe Dreamweaver
    • Adobe Illustrator
    • Adobe Photoshop
    • Anti-virus Software
    • Antivirus
    • Backup Exec
    • Bittorent
    • Blackberry BESADMIN
    • Internet Explorer 9
    • Lightroom
    • Microsoft Office
    • Netbeans
    • Onenote
    • Outlook
    • Shelby
    • Sysprep
    • Trend
    • Video Editing
    • Visual Studio
    • Windows Live Writer
    • WireShark
    • XP Mode
    • Zarafa
  • Recipe
  • Review
  • Software Links
  • Troubleshooting
  • Uncategorized
  • Videos
  • Web Applications
    • Brage
    • Google
    • Spiceworks
    • Wordpress
  • Web Browsers
    • Internet Explorer
  • Web Server
    • XAMPP
  • Winnipeg
    • ISP

Try searching this site!

Copyright © 2021 Winnipeg Web Design