AD DS Auditing

This section will only cover AD DS auditing. For more information about auditing Windows, see Chapter 8.

One thing that my customers have asked for is the ability to log old and new values when a change occurs. Now you can set up AD DS auditing with a new audit policy subcategory called Directory Service Changes. This will log both old and new changes when they are made to AD DS objects and their attributes. This will help you to do forensics and follow the preceding events before a security breach or issue.

Note

This new auditing feature also applies to AD LDS.

By modifying the system access control list (SACL) on an object, you can control which operations to audit. This gives you the detail you always wanted. If you decide to define ...

Get Windows Server® 2008 Security Resource Kit now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Windows Server® 2008 Security Resource Kit by

AD DS Auditing

Note

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly