Active Directory Troubleshooting and Maintenance

Things will inevitably break in your network: this is a given. Additionally, you'll need to perform a few tasks on a regular basis to keep your AD DS installation running at maximum performance and efficiency. In this section, I'll take a look at troubleshooting and maintenance, and show you both how to keep your network in tip-top shape and how to figure out what's wrong when things go awry.

Auditing Activities in Active Directory Domain Services

Windows Server 2008 and AD DS include an improved auditing infrastructure that lets you more easily see the activities within your domain. By enabling auditing through Group Policy for your domain controllers, you can record both successful and failed attempts by specific objects within your directory tree to access or change settings on your domain.

Auditing in Windows Server 2008's implementation of Active Directory has four subcategories:

Directory Service Access

The information in this audit event is essentially the same as what you received in Windows Server 2003, but the event ID changes to 4662.

Directory Service Changes

This event is new: it records to the Security event log both the previous value and the new, current value of whatever changed in the directory. Objects with properties that changed will have the old and new values logged (event 5136). New objects will have all of their initial settings logged (event 5137), and objects that are moved will have their old and current ...
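The following is an added example, not code from the book: a Python sketch that turns exported Directory Service Changes events into one old/new record per change. It relies on the Windows event schema rather than on this page: a modified attribute appears as separate 5136 records (value deleted, value added) that share an OpCorrelationID. The sample events, distinguished names and correlation IDs are constructed.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
ADDED, DELETED = "%%14674", "%%14675"  # OperationType: Value Added / Value Deleted

def _ev(eid, **data):
    """Build one constructed Security-log event in Windows event XML form."""
    fields = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{eid}</EventID></System>'
            f'<EventData>{fields}</EventData></Event>')

USER = "CN=jsmith,OU=Staff,DC=example,DC=test"          # constructed DN
NEW_OBJ = "CN=svc-backup,OU=Staff,DC=example,DC=test"   # constructed DN

# Constructed sample: one attribute edit (two 5136 records) and one new object (5137).
SAMPLE = "<Events>" + "".join([
    _ev(5136, OpCorrelationID="{c1}", ObjectDN=USER,
        AttributeLDAPDisplayName="description", AttributeValue="Contractor",
        OperationType=DELETED),
    _ev(5136, OpCorrelationID="{c1}", ObjectDN=USER,
        AttributeLDAPDisplayName="description", AttributeValue="Employee",
        OperationType=ADDED),
    _ev(5137, OpCorrelationID="{c2}", ObjectDN=NEW_OBJ),
]) + "</Events>"

def summarize(xml_text):
    """Return old/new pairs for 5136 events, followed by creations from 5137."""
    changes, created = defaultdict(dict), []
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        eid = int(ev.findtext("e:System/e:EventID", namespaces=NS))
        d = {n.get("Name"): n.text for n in ev.findall("e:EventData/e:Data", NS)}
        if eid == 5137:
            created.append({"event": 5137, "object": d["ObjectDN"]})
        elif eid == 5136:
            # Both halves of one edit share correlation ID, object and attribute.
            key = (d["OpCorrelationID"], d["ObjectDN"], d["AttributeLDAPDisplayName"])
            side = "old" if d["OperationType"] == DELETED else "new"
            changes[key][side] = d["AttributeValue"]
    # An attribute set for the first time has no "deleted" half, so old is None.
    paired = [{"event": 5136, "object": k[1], "attribute": k[2],
               "old": v.get("old"), "new": v.get("new")} for k, v in changes.items()]
    return paired + created

if __name__ == "__main__":
    for record in summarize(SAMPLE):
        print(record)
```
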
