DS Auditing in Windows Server 2008

by [Published on 6 May 2009 / Last Updated on 31 Dec. 2008]

This article explains the new functionality offered by auditing in Windows Server 2008.

Directory Services auditing has been available since Windows 2000. In Windows Server 2008, DS Auditing has changed and offers some new functionality. In previous versions of Windows, there was a single DS Auditing category, and all changes (Add/Delete/Modify) were logged under it. Windows Server 2008 includes four DS Auditing categories, listed below:

  • Directory Service Access
  • Directory Service Changes
  • Directory Service Replication
  • Detailed Directory Service Replication

You can enable or disable each category using the new command-line tool (Auditpol.exe) supplied with Windows Server 2008 Active Directory Domain. Run Auditpol.exe /? to list the switches.

Please note the following improvements with DS Auditing:

  • New Event IDs (Create-5137, Modify-5136, Move-5139, 5138)
  • Audit settings are now stored locally in the LSA
  • Global Audit Policy is enabled by default
  • Old values are now logged as well
  • New command-line tool support for enabling/disabling auditing categories
  • Setting the 9th bit of an attribute's SearchFlags (value 256) excludes changes to that attribute from logging
  • If you upgrade with auditing off, you must enable auditing in 2008
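
The PowerShell below is an added example, not part of the original article: it checks the four categories with Auditpol.exe, enables Directory Service Changes, and pairs the old and new values recorded by event 5136 so each attribute change reads as one row. The event field names (ObjectDN, AttributeLDAPDisplayName, OpCorrelationID and so on) and the operation-type codes %%14674/%%14675 are not given in the article and are assumed from the Windows Security event schema; PowerShell 3.0 or later and English category names are also assumed.

```powershell
# Added example, not from the original article. Run elevated on a domain controller;
# PowerShell 3.0+ and the English subcategory names listed in the article are assumed.
$subcategories = 'Directory Service Access', 'Directory Service Changes',
                 'Directory Service Replication', 'Detailed Directory Service Replication'

# Report the current setting of each subcategory, then turn on change auditing.
foreach ($name in $subcategories) { auditpol.exe /get /subcategory:"$name" }
auditpol.exe /set /subcategory:"Directory Service Changes" /success:enable

# Flatten the named <Data> fields of one Security event into a hashtable.
function Get-EventFields($Record) {
    $fields = @{}
    foreach ($d in ([xml]$Record.ToXml()).Event.EventData.Data) { $fields[$d.Name] = $d.'#text' }
    $fields
}

# @() keeps the pipelines below empty (instead of passing $null) when nothing matches.
$events = @(Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5136, 5137, 5138, 5139 } `
                         -MaxEvents 500 -ErrorAction SilentlyContinue)

# 5137 (create), 5139 (move) and 5138 (undelete): one row per event.
$events | Where-Object { $_.Id -ne 5136 } | ForEach-Object {
    $f = Get-EventFields $_
    [pscustomobject]@{ Time = $_.TimeCreated; Id = $_.Id; User = $f.SubjectUserName
                       Object = $f.ObjectDN; OldDN = $f.OldObjectDN; NewDN = $f.NewObjectDN }
} | Format-Table -AutoSize -Wrap

# 5136 (modify): the old value arrives in a "Value Deleted" event and the new value in a
# "Value Added" event. Both carry the same OpCorrelationID, so group on it to pair them.
$events | Where-Object { $_.Id -eq 5136 } | ForEach-Object {
    $f = Get-EventFields $_
    [pscustomobject]@{ Time = $_.TimeCreated; User = $f.SubjectUserName; Op = $f.OpCorrelationID
                       Object = $f.ObjectDN; Attribute = $f.AttributeLDAPDisplayName
                       Type = $f.OperationType; Value = $f.AttributeValue }
} | Group-Object Op, Object, Attribute | ForEach-Object {
    $old = $_.Group | Where-Object { $_.Type -eq '%%14675' }   # Value Deleted
    $new = $_.Group | Where-Object { $_.Type -eq '%%14674' }   # Value Added
    [pscustomobject]@{ Time = $_.Group[0].Time; User = $_.Group[0].User
                       Object = $_.Group[0].Object; Attribute = $_.Group[0].Attribute
                       OldValue = $old.Value -join '; '; NewValue = $new.Value -join '; ' }
} | Format-Table -AutoSize -Wrap
```

A row with an empty OldValue means the attribute had no previous value; a row with an empty NewValue means the value was cleared.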



The Author — Nirmal Sharma

Nirmal Sharma is a MCSEx3, MCITP and was awarded the Microsoft MVP award in Directory Services and Windows Networking. He specializes in Microsoft Azure, Office 365, Directory Services, Failover Clusters, Hyper-V, PowerShell Scripting and System Center products. Nirmal has been involved with Microsoft Technologies since 1994. In his spare time, he likes to help others and share some of his knowledge by writing tips and articles on various sites and contributing to PowerShell-based Dynamic Packs for www.ITDynamicPacks.Net solutions.
