How to monitor my Domain admins?

I want to be able to monitor my domain admins. I need to be able to see what files\folders they accessed? What changes they made to GP, AD, what mailboxes they accessed, etc... Are there any third party or other utilities that could do this.  Also, I would like them not to be aware of this.
sXmont1j6Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JohnBusiness Consultant (Owner)Commented:
You would have to turn on Server Auditing and check the logging options. I generally do not use this (no need), but this is what you would do going forward. There is nothing you can do going backward from today.
0
sXmont1j6Author Commented:
There isn't any third party utilities? And won't logging be messy?
0
JohnBusiness Consultant (Owner)Commented:
Logging will be messy for sure.

But you need logging turned on.

Splunk is a third party tool to aggregate logs and report on them. I have heard of Splunk, but not used it.

Also look at this one:

  https://www.manageengine.com/products/active-directory-audit/windows-server-auditing.html?ADAPID=1510&kw=%2Bserver%20%2Blog%20%2Baudit&adId=38640113207&gclid=CMa7p7Od-scCFcKGaQodoAcIWA

I have not use it and do not know anything about it.

There is no simple way to do what you want.

If you trust your domain administrators, why do you need to keep tabs?  Perhaps you have a large number of them.
0
What were the top attacks of Q1 2018?

The Threat Lab team analyzes data from WatchGuard’s Firebox Feed, internal and partner threat intelligence, and a research honeynet, to provide insightful analysis about the top threats on the Internet. Check out our Q1 2018 report for smart, practical security advice today!

MacleanSystem EngineerCommented:
3rd Party  tool AD Audit Plus can provide all the data you wish to see,
It would be noticeable to your AD Admins, but that might potentially not be an issue if you conciser the below.

If AD Admins do their work right they won't care that it is audited.
If you have an admin providing poor work on a consistent base then the audit can be part of his performance review, allowing them to identify their mistakes, which could help them recognize which area's they need more study on, to grow and improve their skills. This creates a clear transparent environment which helps the business owner and the employees improve the environment and skills required. Hiding things from AD Admins is hard, and likely results in a negative work atmosphere, which can result in losing good admins who would easily obtain work in more open environments

Alternatively John his suggestion of using purely Windows logs would be less easy to notice to non AD Admins, but it would show in group policies, so any average AD Admin will likely know what that means. Have a think and see which way would suit you best.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
arnoldCommented:
you should enable auditing, login/logout, file access deals with file share access, exchange mailbox.
If this is a compliance issue...

Depending on what no how easily you what to have the data, do you want.......


Splunk is one as John pointed out, you could forward all server logs to a. Central server on which splunk aggregates data converts/stores them,

The option exists with installing the SNMP feature and using an snmptrap server then evntwin maps event log to snmptraps.
.......

Most admin should have already enabled auditing on most of the items login/logout, file share files, gp,  ..
0
McKnifeCommented:
Before recommending anything, please help us understand what you are trying to achieve.

You are maybe not even aware that this kind of monitoring activity, when done without informing the persons being monitored, could lead to serious legal trouble, depending on your country's jurisdiction. I would be very careful before I started monitoring.
1
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.