O'Reilly logo

Windows Server 2003 in a Nutshell by Mitch Tulloch

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Name

Active Directory—Tasks

Synopsis

This section covers common (and not so common but important) administrative tasks concerning the general administration of Active Directory. For more specific tasks relating to administering domains, trusts, user accounts, and so on, refer to the related topics elsewhere in this chapter. For example, to learn how to manage domain controllers, see Domain Controller; to learn how to configure user accounts, see Users; and so on. Note that all tasks in this section involve using the Active Directory Users and Computers console unless otherwise indicated.

Audit Active Directory

You can use auditing to detect unauthorized attempts to access Active Directory:

Right-click the Domain Controllers node Properties Group Policy select Default Domain Controller Policy Edit Computer Configuration Windows Settings Security Settings Local Policies Audit Policy right-click Audit Directory Services Access Properties select Define these policy settings choose to audit success and/or failure events

Auditing of access to Active Directory on all domain controllers in the domain takes effect once the GPO settings have propagated to other domain controllers (usually within five minutes). Directory service access events are logged in the Security log on each domain controller and can be viewed with Event Viewer.

Note

For fresh installs of new WS2003 domain controllers in a new domain, Active Directory security auditing is enabled by default. If you ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required