DS Auditing in Windows Server 2008

  • Section(s): Active Directory
  • Published on May 06, 2009.
  • Last Modified on Dec 31, 2008.
  • Last Modified by Nirmal Sharma.
This article explains the new functionality offered by auditing in Windows Server 2008.

Directory Services (DS) auditing has been available since Windows 2000. Windows Server 2008 changes DS auditing and adds some new functionality. In previous versions of Windows, there was a single DS auditing category, and all changes (add, delete, modify) were logged under that one category. Windows Server 2008 includes four DS auditing categories, listed below:

  • Directory Service Access               
  • Directory Service Changes               
  • Directory Service Replication         
  • Detailed Directory Service Replication

You can enable or disable each category with the new command-line tool, Auditpol.exe, supplied with Windows Server 2008 Active Directory Domain. Run Auditpol.exe /? to list its switches.

Please note the following improvements with DS Auditing:

  • New event IDs (Create-5137, Modify-5136, Move-5139, 5138)
  • Audit settings are now stored locally in the LSA.
  • Global audit policy is enabled by default.
  • Old values are now logged as well.
  • A new command-line tool supports enabling and disabling auditing categories.
  • Setting the 9th bit of an attribute's searchFlags (value 256) prevents changes to that attribute from being logged.
  • If you upgrade with auditing off, you must enable auditing in Windows Server 2008.
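
The following added example (not part of the original article) enables the Directory Service Changes category with Auditpol.exe, which addresses it as a subcategory, and then pairs the old and new values recorded by event 5136. It assumes PowerShell 2.0 or later in an elevated session on a domain controller; the event field names and OperationType codes used here come from the Windows Security event schema, not from this article.

```powershell
# Added example, not from the article. Run elevated on a domain controller.
# Enable success auditing for "Directory Service Changes", then confirm the setting.
auditpol /set /subcategory:"Directory Service Changes" /success:enable | Out-Null
auditpol /get /subcategory:"Directory Service Changes"

# Event 5136 is written once per value removed and once per value added.
# OperationType appears as a message code in the raw event XML.
$opNames = @{ '%%14674' = 'Added'; '%%14675' = 'Deleted' }

# @() guarantees an array even when no events match (avoids a $null iteration in PS 2.0).
$filter = @{ LogName = 'Security'; Id = 5136 }
$events = @(Get-WinEvent -FilterHashtable $filter -MaxEvents 200 -ErrorAction SilentlyContinue)

$rows = foreach ($e in $events) {
    # Flatten <EventData><Data Name="...">value</Data> into a lookup table.
    $d = @{}
    foreach ($n in ([xml]$e.ToXml()).Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
    New-Object PSObject -Property @{
        Time      = $e.TimeCreated
        Who       = '{0}\{1}' -f $d.SubjectDomainName, $d.SubjectUserName
        Object    = $d.ObjectDN
        Attribute = $d.AttributeLDAPDisplayName
        Operation = $opNames[$d.OperationType]
        Value     = $d.AttributeValue
        OpId      = $d.OpCorrelationID
    }
}

# Events from one modify operation share an OpCorrelationID. Grouping on it
# (plus object and attribute) puts the deleted and added values on one row.
$rows | Group-Object OpId, Object, Attribute | ForEach-Object {
    $g = $_.Group
    New-Object PSObject -Property @{
        Time      = $g[0].Time
        Who       = $g[0].Who
        Object    = $g[0].Object
        Attribute = $g[0].Attribute
        Old = ($g | Where-Object { $_.Operation -eq 'Deleted' } | ForEach-Object { $_.Value }) -join '; '
        New = ($g | Where-Object { $_.Operation -eq 'Added' }   | ForEach-Object { $_.Value }) -join '; '
    }
} | Select-Object Time, Who, Object, Attribute, Old, New | Format-List
```

Change events are written only for objects whose SACL audits the operation, so an empty result can mean either that no changes occurred or that no audit entry covers the objects that changed.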

 

About Nirmal Sharma

Nirmal is a Microsoft MVP in Directory Services and works as a Technical Architect/Consultant. He has been involved in Microsoft technologies since 1994 and has followed the progression of Microsoft operating systems and software. He specializes in Directory Services, Microsoft Clustering, SQL, MOM, Exchange and Citrix. In his spare time, he likes to help others and write "internal" technical articles, white papers and tips on various Microsoft technologies. You can contact him at nirmal_sharma@mvps.org.

