Hi

I hope you may be able to help.

I've needed to create two user accounts with domain admin rights.
These are to be used by colleagues when I'm absent from the workplace.
They have asked that the use of these accounts be audited, as one
doesn't want to be held reponsible for something the other may have
done.
I've created an organisational unit in Active Directory to hold these 2
accounts. Can some sort of policy be applied to this OU. I haven't
had the need to audit like this before and would welcome any advice.

Thanks very much.

No. Auditing is set for the domain, and cannot be set differently
for a couple of accounts. The exception to this is object access
audits which require both the domain wide auditing enable for
success and/or failure and then a security audit setting on the
specific objects (like filesystem area) that is to cause audit records
when those are "touched". For these you can control per-object
what accounts will generate audit records when touched in which
manners. All other auditing (account management, policy changes,
etc.) are for all accounts if enabled.

<(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi
>
> I hope you may be able to help.
>
> I've needed to create two user accounts with domain admin rights.
> These are to be used by colleagues when I'm absent from the workplace.
> They have asked that the use of these accounts be audited, as one
> doesn't want to be held reponsible for something the other may have
> done.
> I've created an organisational unit in Active Directory to hold these 2
> accounts. Can some sort of policy be applied to this OU. I haven't
> had the need to audit like this before and would welcome any advice.
>
> Thanks very much.
>