Asif Naeem
asked on
AD Audite event logs
Hi All,
i have recently enable the AD Auditing at Domain level in my org to monitor the activity. i have enabled the following options under computer configuriton--->windows Setting> security Settings----> advance audit policy---- Audit Polices.
1- DS-- Audit Directory Service changes.
2- audit computer account management
3-audit dist Group Management
4- Audit Security Group Management.
and couple of other options, I have created the costume view and to record the security event for this. But unfortunately I can see from last few days nothing is record for event IR 4728 4729 on so on, which worried me if I am missing any key Steps to enable this.
Please can any one help and guide me best practice to enable AD aduite and record in event view for Auditing, and how I can set up to recoved Security, appliaciotn event on different drive or locaiton.
Regards
i have recently enable the AD Auditing at Domain level in my org to monitor the activity. i have enabled the following options under computer configuriton--->windows Setting> security Settings----> advance audit policy---- Audit Polices.
1- DS-- Audit Directory Service changes.
2- audit computer account management
3-audit dist Group Management
4- Audit Security Group Management.
and couple of other options, I have created the costume view and to record the security event for this. But unfortunately I can see from last few days nothing is record for event IR 4728 4729 on so on, which worried me if I am missing any key Steps to enable this.
Please can any one help and guide me best practice to enable AD aduite and record in event view for Auditing, and how I can set up to recoved Security, appliaciotn event on different drive or locaiton.
Regards
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi,
Thanks for response and very useful links and KB. I have applied every thing as best practice as mention in KB's as well. But I wounder from last few days I can see no event recorded against 4728,4729 which I believe it is not possible that no user is added or removed by Support team.
I am running AD server 2012 any further advice.
Thanks
Thanks for response and very useful links and KB. I have applied every thing as best practice as mention in KB's as well. But I wounder from last few days I can see no event recorded against 4728,4729 which I believe it is not possible that no user is added or removed by Support team.
I am running AD server 2012 any further advice.
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi
Thanks for all useful link and help.
Regards
Thanks for all useful link and help.
Regards
ASKER