
Active Directory audits

Last response: in Windows 2000/NT
March 31, 2005 7:30:54 PM

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Is there a way to have all the information about all (or some of) the
changes/insertions performed in Active Directory (W2000), such as user or
group operations? Some information is stored in the OS "Event Log", but the
information is not enough, because most of the time only a few attribute values
are shown there (for example, the user logon old/new value is not shown
when it is changed).

What I need to be able to do is to have all the history of values for some
attributes such as the user login, group names, group members, etc. Is this
possible?

Thanks,
Juan Carlos
Anonymous
April 2, 2005 12:58:57 PM


JC wrote:

> Is there a way to have all the information about all (or some of) the
> changes/insertions performed in Active Directory (W2000), such as user or
> group operations? Some information is stored in the OS "Event Log", but the
> information is not enough, because most of the time only a few attribute values
> are shown there (for example, the user logon old/new value is not shown
> when it is changed).
>
> What I need to be able to do is to have all the history of values for some
> attributes such as the user login, group names, group members, etc. Is this
> possible?
>
> Thanks,
> Juan Carlos

Have you turned on auditing yet for directory service access and account
management?
Anonymous
April 2, 2005 7:13:49 PM


Thanks for your answer.

Yes, I have. And I've also turned on the audits for the specific objects in
Active Directory. The events generated in the "Event log" are account events
and "directory service" events when the objects are accessed.

But what I can't get from the event log is, for example (I'm particularly
interested in this) the new value when a user's login is changed. The
information about what attributes were modified is written in the log, but
not the value of the attributes. For some properties (such as the user
"name") it is shown, but for others (many) not.
I want to know if there is a way to get/track this
information/modifications.

I'm using Windows 2000. I may use Windows 2003 if this worked in that OS,
but I've got no information out there about this in Windows 2003.

Thanks a lot,

Juan Carlos


"Brandon McCombs" <bmccombs@ma.rr.com> wrote in message
news:424E6029.7D13E6E7@ma.rr.com...
>
>
> JC wrote:
>
> > Is there a way to have all the information about all (or some of) the
> > changes/insertions performed in Active Directory (W2000), such as user or
> > group operations? Some information is stored in the OS "Event Log", but the
> > information is not enough, because most of the time only a few attribute values
> > are shown there (for example, the user logon old/new value is not shown
> > when it is changed).
> >
> > What I need to be able to do is to have all the history of values for some
> > attributes such as the user login, group names, group members, etc. Is this
> > possible?
> >
> > Thanks,
> > Juan Carlos
>
> Have you turned on auditing yet for directory service access and account
> management?
>