How to enable the audit log if an Active Directory object (e.g. user, group) gets deleted or modified, on a 2003 domain controller

bickysranjan asked
Last Modified: 2012-05-11
Hi,
I have a Windows 2003 domain controller running. A few days back one domain user account got deleted, and I started to find out when and who deleted the account but did not get any log for this.
As the audit log was not enabled, I did not get the log. Now I have enabled Audit Directory Services Access in the Default Domain Controller Policy, referring to the link below, but I am still not able to see the log for domain account deletion, creation or modification.
http://support.microsoft.com/kb/814595
Please help me to fix this issue.
CERTIFIED EXPERT
Top Expert 2013
Commented:
Echoing mkline71's answer above; even when you add the Audit Policy to the DC's Group Policy, you still have to add an ACL to the AD objects before it will audit.

Firstly, in the View menu in Active Directory Users & Computers, you will need to enable Advanced Features.  Then you can right-click an OU, choose Properties and then select the Security tab.  From there, click Advanced and then look at the Auditing tab.  You can add an entry here to control auditing for any action on the objects, or changes to the properties on the object.

For thoroughness, you may want to add this audit ACL to the domain object itself, and add Full Control/Success and Full Control/Failure audit rules for the Everyone group.  This might lead to a lot of useless data though.

J.
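
The Auditing-tab steps described in the answer above can also be scripted. The following is an added example, not part of the original answer: it adds a Success audit entry for Everyone to one OU, limited to create, delete and property-write operations rather than Full Control, and reads the SACL back. The OU name is a placeholder, and the account running it is assumed to hold the "Manage auditing and security log" right.

```powershell
# Added example: scripted form of the Auditing-tab steps (ADUC > Security > Advanced > Auditing).
# Assumption: the OU distinguished name below is a hypothetical placeholder.
$ouDn = 'OU=Staff,DC=example,DC=com'

# LoadWithPartialName also works on PowerShell 1.0, which has no Add-Type.
[void][System.Reflection.Assembly]::LoadWithPartialName('System.DirectoryServices')

$entry = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$ouDn")

# Load and write back only the SACL, so the owner and DACL are left untouched.
# This must be set before ObjectSecurity is first read.
$entry.psbase.Options.SecurityMasks = [System.DirectoryServices.SecurityMasks]::Sacl

# Everyone (well-known SID S-1-1-0), matching the principal suggested in the answer.
$everyone = New-Object System.Security.Principal.SecurityIdentifier('S-1-1-0')

# Creation, deletion and attribute changes only, to keep the Security log readable.
$rights = [System.DirectoryServices.ActiveDirectoryRights]'CreateChild, DeleteChild, Delete, DeleteTree, WriteProperty'
$flags  = [System.Security.AccessControl.AuditFlags]::Success

# Apply to the OU itself and to every object beneath it.
$scope  = [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All

$rule = New-Object System.DirectoryServices.ActiveDirectoryAuditRule($everyone, $rights, $flags, $scope)
$entry.psbase.ObjectSecurity.AddAuditRule($rule)
$entry.psbase.CommitChanges()

# Verify with a fresh bind: list the explicit audit entries now on the OU.
$check = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$ouDn")
$check.psbase.Options.SecurityMasks = [System.DirectoryServices.SecurityMasks]::Sacl
$check.psbase.ObjectSecurity.GetAuditRules($true, $false, [System.Security.Principal.SecurityIdentifier]) |
    Select-Object IdentityReference, ActiveDirectoryRights, AuditFlags, InheritanceType
```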

Author

Commented:
Thanks mkline71
Now I am able to see the log