|
Posted by Steven L Umbach on September 23, 2005, 8:14 pm
If you were Registered and logged in, you could reply and use other advanced thread options
You would need to enable auditing of directory service access in Domain
Controller Security Policy and then enable auditing for what you want to
track as far as AD objects and properties much as the same way you would
audit a folder. If you look on the properties of an AD object and go to
security/advanced - auditing to audit access and you can configure the
object and properties permissions that you want to audit. Below is an
example of an event recorded when I changed the email address on the account
named George. --- Steve
Event Type: Success Audit
Event Source: Security
Event Category: Directory Service Access
Event ID: 566
Date: 9/23/2005
Time: 7:12:10 PM
User: UMBACH3\administrator
Computer: SERVER1-2003
Description:
Object Operation:
Object Server: DS
Operation Type: Object Access
Object Type: user
Object Name: CN=george,CN=Users,DC=umbach3,DC=com
Handle ID: -
Primary User Name: SERVER1-2003$
Primary Domain: UMBACH3
Primary Logon ID: (0x0,0x3E7)
Client User Name: administrator
Client Domain: UMBACH3
Client Logon ID: (0x0,0x68EFE0)
Accesses: Write Property
Properties:
Write Property
Public Information
mail
user
Additional Info:
Additional Info2:
Access Mask: 0x20
For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
>I have successfully configured auditing for Account Management. However, it
> does not generate an event for when an email address is
> changed/deleted/modified?
>
> Is there a way extend the attributes that are tracked within Account
> Management in AD?
>
> Thank you for any help that you may provide.
>
> Jamie
| 
XML site map