Administrators can monitor access to Active Directory, causing successful and "failed" access events to be logged in the Directory Service event log. This event log is present only on Windows 2000 domain controllers.
- Start the Active Directory Users and Computers snap-in by clicking Start, pointing to Programs, and then pointing to Administrative Tools.
- On the View menu, click Advanced Features.
- Right-click the Domain Controllers container, and then click Properties.
- Click the Group Policy tab.
- Click Default Domain Controller Policy, and then click Edit.
- Double-click the following items to open them: Computer Configuration, Windows Settings, Security Settings, Local Policies, Audit Policy.
- In the right pane, open Audit Directory Services Access.
- Click the appropriate option(s): Audit Successful Attempts and/or Audit Failed Attempts.
- Open the Security Log to view logged events.
Article ID: 232714 - Last Review: Feb 26, 2007 - Revision: 1