• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 373
  • Last Modified:

How to audit changes to AD objects/accounts?

Experts,

What is the best practice to determine who made permission changes to an AD object? I know the account and have a general time frame of when the chance was made.

Thank you very much!
0
grindsmygeaqrs
Asked:
grindsmygeaqrs
1 Solution
 
Santosh GuptaCommented:
Hi,

Please see the below link for best practice to determine who made permission changes to an AD object.
http://blog.pluralsight.com/windows-server-2008-auditing-active-directory
0
 
Brad BouchardInformation Systems Security OfficerCommented:
0
 
SandeshdubeySenior Server EngineerCommented:
Refer below link to enable auditing.

AD DS Auditing Step-by-Step Guide:
http://technet.microsoft.com/en-us/library/cc731607(v=ws.10).aspx

HOW TO: Audit Active Directory Objects in Windows Server 2003
http://support.microsoft.com/kb/814595

Apart from the auditing, you can use third party tools like Quest and Ntewrix to find out WHO changed WHAT, WHEN, and WHERE to list additions, deletions, and modifications made to Active Directory users, groups, computers, OUs, group memberships.
 
NetWrix tool : http://www.netwrix.com/active_directory_change_reporting_freeware.html
 
Quest: http://www.quest.com/changeauditor-for-active-directory/
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Network Scalability - Handle Complex Environments

Monitor your entire network from a single platform. Free 30 Day Trial Now!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now