logging on domain

Posted on 2011-03-16
Medium Priority
Last Modified: 2012-05-11

We are currently being audited, and one thing that has come up is that we do not keep logs of changes to active directory, folder share access basically anything to do with the network.

Can you please tell me the best way to log all of this, and hold onto the data for at least a year.  Ideally i would like it in one central database that i can look at.


Question by:philipfarnes
LVL 70

Expert Comment

ID: 35146074
You can enable auditing - to keep the records for more than a few weeks you will need to set up a process to archive the event logs on a regular basis - there is a nice intro at http://www.techrepublic.com/article/solutionbase-creating-a-windows-server-2003-audit-policy/6028421
LVL 10

Expert Comment

by:Muzafar Momin
ID: 35146206
user netwrix change auditor
LVL 24

Accepted Solution

Awinish earned 2000 total points
ID: 35146889
You can have centralize storage or disc to store the logs into it.


You can also consider manageenginer tool, its really good.

LVL 17

Expert Comment

by:Premkumar Yogeswaran
ID: 35149038

The best way we use..!

enable the Active directory audit logs in AD

And also use a 3rd party software fro quest change auditor


Expert Comment

ID: 35173829

You can also use SPLUNK for auditing your Active Directory Environment.  i would also setup event forwarding depending on the size of your environment in windows.  If you have less than 10 servers it would be a good idea.  

With event forwarding  you can forward your event log data to one box and have a centralized location for yout logging.

Featured Post

Easily manage email signatures in Office 365

Managing email signatures in Office 365 can be a challenging task if you don't have the right tool. CodeTwo Email Signatures for Office 365 will help you implement a unified email signature look, no matter what email client is used by users. Test it for free!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question