Solved

How to audit changes to AD objects/accounts?

Posted on 2014-04-11
3
351 Views
Last Modified: 2014-05-02
Experts,

What is the best practice to determine who made permission changes to an AD object? I know the account and have a general time frame of when the chance was made.

Thank you very much!
0
Comment
Question by:grindsmygeaqrs
3 Comments
 
LVL 13

Expert Comment

by:Santosh Gupta
ID: 39994530
Hi,

Please see the below link for best practice to determine who made permission changes to an AD object.
http://blog.pluralsight.com/windows-server-2008-auditing-active-directory
0
 
LVL 17

Expert Comment

by:Brad Bouchard
ID: 39995016
0
 
LVL 24

Accepted Solution

by:
Sandeshdubey earned 500 total points
ID: 39995765
Refer below link to enable auditing.

AD DS Auditing Step-by-Step Guide:
http://technet.microsoft.com/en-us/library/cc731607(v=ws.10).aspx

HOW TO: Audit Active Directory Objects in Windows Server 2003
http://support.microsoft.com/kb/814595

Apart from the auditing, you can use third party tools like Quest and Ntewrix to find out WHO changed WHAT, WHEN, and WHERE to list additions, deletions, and modifications made to Active Directory users, groups, computers, OUs, group memberships.
 
NetWrix tool : http://www.netwrix.com/active_directory_change_reporting_freeware.html
 
Quest: http://www.quest.com/changeauditor-for-active-directory/
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Knowing where your website is hosted is as important as the features you receive, the monthly fee, and the support you receive. Due diligence should be done when choosing your next hosting provider.
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

790 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question