Enabling Auditing on Important Active Directory Objects

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2, Windows Server 2008, Windows Server 2008 R2

This procedure configures auditing on actions that are performed against specific important Active Directory objects. The actions to be audited are specified in Table 23 through Table 34 earlier in this guide.

Requirements

  • Credentials: Domain Admins

  • Tools: ADSI Edit (Windows Server 2003 Support Tools)

To set auditing on important Active Directory objects

  1. Log on to a domain controller in the root domain by using an account with Domain Admins credentials.

  2. In the Run dialog box, type adsiedit.msc, and then click OK.

  3. In the console tree, double-click the appropriate directory partition, right-click container_object, and then click Properties. Here, container_object is the topmost object in the domain, configuration, schema, or application directory partition, or the domain controller OU in a domain, where you want to enable auditing.

    Application directory partitions do not appear in the ADSI Edit console tree by default. If the appropriate directory partition does not appear in the console tree:

    • On the Action menu, click Connect to.

    • Under Connection point, click Select or type a Distinguished Name or Naming Context, type or select the distinguished name of the directory partition, and then click OK.

  4. On the Security tab in the Properties dialog box, click Advanced.

  5. On the Auditing tab in the Advanced Security Settings dialog box, click Add.

  6. Create auditing settings to match the settings in Table 23 through Table 34 earlier in this guide.
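
To check the result of this procedure, the following added example (not part of the original guide) reads back the audit entries on the topmost object of every directory partition held by the domain controller and on the domain controller OU, so that they can be compared by hand with Table 23 through Table 34. It assumes Windows PowerShell in an elevated session on a domain controller with Domain Admins credentials, and that the domain controller OU has its default name; the function name Get-AdObjectAuditRule is hypothetical.

```powershell
# Added example: read back the audit entries (SACL) created in steps 4-6.
# Assumption: elevated Windows PowerShell session on a domain controller,
# logged on with Domain Admins credentials.
Add-Type -AssemblyName System.DirectoryServices

function Get-AdObjectAuditRule {   # hypothetical helper name
    param([Parameter(Mandatory = $true)][string]$DistinguishedName)

    $entry = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$DistinguishedName")

    # The SACL is not part of the default security mask (Owner, Group, Dacl),
    # so it has to be requested explicitly before the descriptor is read.
    $entry.psbase.Options.SecurityMasks =
        [System.DirectoryServices.SecurityMasks]'Owner, Group, Dacl, Sacl'
    $entry.psbase.RefreshCache()

    # Arguments: include explicit entries, include inherited entries,
    # and translate trustees to DOMAIN\name form.
    $rules = $entry.psbase.ObjectSecurity.GetAuditRules($true, $true, [System.Security.Principal.NTAccount])

    # One output row per audit entry, tagged with the object it was read from.
    $rules | Select-Object @{ Name = 'Object'; Expression = { $DistinguishedName } },
        IdentityReference, AuditFlags, ActiveDirectoryRights,
        ObjectType, InheritanceType, InheritedObjectType, IsInherited
}

# RootDSE lists every directory partition on this domain controller:
# domain, configuration, schema, and any application directory partitions.
$rootDse = New-Object System.DirectoryServices.DirectoryEntry('LDAP://RootDSE')
$targets = @($rootDse.psbase.Properties['namingContexts'] | ForEach-Object { [string]$_ })

# Assumption: the domain controller OU still has its default name and location.
$domainDn = [string]$rootDse.psbase.Properties['defaultNamingContext'].Value
$targets += "OU=Domain Controllers,$domainDn"

$targets |
    ForEach-Object { Get-AdObjectAuditRule -DistinguishedName $_ } |
    Format-Table -AutoSize -Wrap
```

An object that returns no rows has no audit entries on it; ObjectType and InheritedObjectType are shown as GUIDs, with the all-zero GUID meaning the entry is not restricted to a particular property or object class.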