This step-by-step article describes how to enable auditing of Active Directory.
Administrators can monitor access to Active Directory, causing successful and "failed" access events to be logged in the Directory Service event log. This event log is present only on Windows 2000 domain controllers.
Enable Auditing of Active Directory
To enable auditing of Active Directory:
- Start the Active Directory Users and Computers snap-in by clicking Start, pointing to Programs, and then pointing to Administrative Tools.
- On the View menu, click Advanced Features.
- Right-click the Domain Controllers container, and then click Properties.
- Click the Group Policy tab.
- Click Default Domain Controller Policy, and then click Edit.
- Double-click the following items to open them: Computer Configuration, Windows Settings, Security Settings, Local Policies, Audit Policy.
- In the right pane, open Audit Directory Services Access.
- Click the appropriate option(s): Audit Successful Attempts and/or Audit Failed Attempts.
- Open the Security Log to view logged events.
: In Windows 2000, domain controllers poll for policy changes every five minutes. Other domain controllers in the enterprise receive the changes at this interval plus the time of replication.
Article ID: 232714 - Last Review: February 26, 2007 - Revision: 2.2
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server
|kbenv kbhowto kbhowtomaster KB232714|