amendala

Are there any recommended Audit Policy management tools for Active Directory?

Folks -

I'm looking for recommendations for a tool, if one exists, that can be used to manage Active Directory's audit policy in an easy-to-use, centralized manner.

Managing AD's audit policy can be a pain-in-the-rump because of its per-DC nature and the fact that not all audit policy settings are readily available via the Group Policy Editor; rather, auditpol must be used.

Are there any tools that simplify the definition of audit policy and that, with appropriate permissions, can apply these settings to all DCs in a forest, or DCs the user specifies?

Hopefully this is clear.

Mike Kline

What do you mean by "per-DC nature"? You can set an audit policy in the Default Domain Controllers GPO or create a new Auditing GPO and link it at the Domain Controllers OU.


amendala


Hi Mike -

Various audit policy features in Active Directory must be enabled on a per-DC basis. For instance, Active Directory Object Change Tracking must be enabled on a per-DC basis via the auditpol tool. Obviously there are hundreds of ways to script this automation, but the fact remains: each DC needs to be touched either manually or via script. When you have thousands of DCs in a forest, this isn't the easiest of chores. I agree that the *policy* can be centrally deployed via GPO; however, by default, not all auditing *features* are enabled on a DC.

I was hoping that a tool existed not only to define the audit policy but also to deploy various audit policy settings.
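
The per-DC scripting described in the post above, as an added example that is not part of the original thread or any poster's code: it reads one auditpol subcategory on every DC in the forest, reports drift, and can optionally enable it. It assumes the RSAT ActiveDirectory module, PowerShell remoting to each DC, English-language auditpol output, and that `Directory Service Changes` is the subcategory behind the change tracking the poster mentions; `$Remediate` and the other variable names are hypothetical.

```powershell
# Added example (not from the thread). Assumes the RSAT ActiveDirectory module, WinRM
# remoting to every DC, English auditpol output, and rights to run auditpol on the DCs.
Import-Module ActiveDirectory

$Subcategory = 'Directory Service Changes'  # assumed subcategory for AD object change tracking
$Remediate   = $false                       # $true = enable success auditing where it is missing

# Every DC in every domain of the current forest.
$dcs = foreach ($domain in (Get-ADForest).Domains) {
    Get-ADDomainController -Filter * -Server $domain | Select-Object -ExpandProperty HostName
}

# Runs on each DC: read the effective setting, optionally fix it, then read it back.
$check = {
    param($Name, $Fix)
    # /r prints CSV; "Inclusion Setting" holds No Auditing / Success / Failure / Success and Failure.
    $before = (auditpol /get /subcategory:"$Name" /r | Where-Object { $_ } |
               ConvertFrom-Csv).'Inclusion Setting'
    $after = $before
    if ($Fix -and $before -notmatch 'Success') {
        auditpol /set /subcategory:"$Name" /success:enable | Out-Null
        $after = (auditpol /get /subcategory:"$Name" /r | Where-Object { $_ } |
                  ConvertFrom-Csv).'Inclusion Setting'
    }
    [pscustomobject]@{
        Subcategory = $Name
        Before      = $before
        After       = $after
        Compliant   = ($after -match 'Success')
    }
}

# Invoke-Command fans out to the DCs in parallel and tags each result with PSComputerName.
$results = Invoke-Command -ComputerName $dcs -ScriptBlock $check `
    -ArgumentList $Subcategory, $Remediate `
    -ErrorAction SilentlyContinue -ErrorVariable unreachable

# Non-compliant DCs sort first.
$results | Sort-Object Compliant, PSComputerName |
    Format-Table PSComputerName, Subcategory, Before, After, Compliant -AutoSize

# A DC that could not be queried is an unknown, not a pass.
$unreachable | ForEach-Object {
    Write-Warning "Not checked: $($_.TargetObject): $($_.Exception.Message)"
}
```

A value set with `auditpol /set` is local to that DC and can be overwritten at the next policy refresh if a GPO also defines that subcategory, so rerun the check after a refresh.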
amendala

No viable answers to the question. Discovered some additional audit configurability within the Group Policy Editor that wasn't as detailed in prior versions.