Auditing Changes Made to AD Objects
Another important change to Active Directory that can be enabled in a Windows Server 2008 or Windows Server 2012 functional domain is the concept of auditing changes made to Active Directory objects. Previously, it was difficult to tell when changes were made, and AD-specific auditing logs were not available. Windows Server 2008/2012 enables administrators to determine when AD objects were modified, moved, or deleted.
To enable AD object auditing on a Windows Server 2012 DC, follow these steps:
1. From Server Manager, click Tools, Group Policy Management
2. Navigate to forest name, Domains, domain name, Domain Controllers, Default Domain Controllers Policy.
3. Right-click the Default Domain Controllers Policy ...
Get Windows Server® 2012 Unleashed now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
