RebelAdmin.com - The Tech Blog You Need

Step-by-Step guide to audit active directory changes using “Directory Service Changes” auditing

April 30, 2015

As an administrator or engineer, it is important to audit object access on the infrastructure to identify security issues and other problems. It also helps to troubleshoot these issues.

In Windows, access to a folder or file can be audited using the audit object access policy. In the same way, the audit directory service access policy allows auditing of access attempts to objects in Active Directory. This is enabled by default and configured to audit “Success Events”. But it has a few disadvantages.

1)    Difficulty of finding the attribute changes
2)    Impossible to know the old value of an attribute

To overcome this issue, Windows Server 2008 added an auditing category called “Directory Service Changes”. With this we can easily identify the old and new attribute values.

It is not enabled by default and needs to be activated manually.

1)    Log in to the domain controller as a Domain Admin or Enterprise Admin.
2)    Open a PowerShell console with admin rights.
3)    Type auditpol /set /subcategory:"directory service changes" /success:enable and press Enter.


4)    In order to test the auditing, I already have usera and userb added to the Domain Admins group. I am going to remove usera from the group and check the auditing.
5)    To check the log entries, go to Event Viewer > Windows Logs > Security.
6)    As listed below, we can see a detailed description, including:

  • What type of change
  • At what time it was triggered
  • Attribute
  • What is the new value
  • Which group it is


As we can see, it gives a great deal of information that can be used in troubleshooting and auditing.
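
The same details can be read from the Security log in PowerShell instead of Event Viewer. The following is an added example, not part of the original post: it parses event ID 5136 ("A directory service object was modified") into one row per attribute change. The function name ConvertFrom-DsChangeEvent, the CONTOSO domain and the sample event are constructed for illustration.

```powershell
# Added example: flatten event 5136 into one row per attribute change.
# OperationType is logged as a message token, so map it to readable text.
$OperationNames = @{ '%%14674' = 'Value Added'; '%%14675' = 'Value Deleted' }

function ConvertFrom-DsChangeEvent {   # hypothetical helper name
    param([Parameter(Mandatory)][xml]$EventXml)
    # Collect the <Data Name="...">value</Data> pairs from EventData.
    $data = @{}
    foreach ($node in $EventXml.Event.EventData.Data) {
        $data[$node.GetAttribute('Name')] = $node.InnerText
    }
    $op = $data['OperationType']
    if ($op -and $OperationNames.ContainsKey($op)) { $op = $OperationNames[$op] }
    [pscustomobject]@{
        Time          = $EventXml.Event.System.TimeCreated.SystemTime
        ChangedBy     = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
        Object        = $data['ObjectDN']
        Attribute     = $data['AttributeLDAPDisplayName']
        Operation     = $op
        Value         = $data['AttributeValue']
        CorrelationId = $data['OpCorrelationID']
    }
}

# Constructed sample: usera removed from Domain Admins (all values are made up).
$sample = [xml]@'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>5136</EventID>
    <TimeCreated SystemTime="2015-04-30T09:15:42.0000000Z" />
  </System>
  <EventData>
    <Data Name="OpCorrelationID">{00000000-0000-0000-0000-000000000001}</Data>
    <Data Name="SubjectUserName">Administrator</Data>
    <Data Name="SubjectDomainName">CONTOSO</Data>
    <Data Name="ObjectDN">CN=Domain Admins,CN=Users,DC=contoso,DC=local</Data>
    <Data Name="AttributeLDAPDisplayName">member</Data>
    <Data Name="AttributeValue">CN=usera,CN=Users,DC=contoso,DC=local</Data>
    <Data Name="OperationType">%%14675</Data>
  </EventData>
</Event>
'@
ConvertFrom-DsChangeEvent $sample

# On a domain controller, after confirming the setting with
#   auditpol /get /subcategory:"Directory Service Changes"
# Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5136 } -MaxEvents 20 |
#     ForEach-Object { ConvertFrom-DsChangeEvent ([xml]$_.ToXml()) }
```

When an attribute is replaced, the old value appears as a "Value Deleted" row and the new value as a "Value Added" row with the same CorrelationId.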

If you have any questions about the post, feel free to contact me at rebeladm@live.com

Written by: Dishan M. Francis
