Active Directory audits

J

JC

Is there a way to have all the information about all (or some of) the
changes/insertions performed in Active Directory (W2000), such as user or
group operations? Some information is stored in the OS "Event Log", but the
information is not enough, because most of times only a few attribute values
is shown there (for example, the user logon old/new value is not show show
when it is changed.

What I need to be able to do is to have all the history of values for some
attributes such as the user login, group names, group members, etc. Is this
possible?

Thanks,
Juan Carlos
 
B

Brandon McCombs

JC said:
Is there a way to have all the information about all (or some of) the
changes/insertions performed in Active Directory (W2000), such as user or
group operations? Some information is stored in the OS "Event Log", but the
information is not enough, because most of times only a few attribute values
is shown there (for example, the user logon old/new value is not show show
when it is changed.

What I need to be able to do is to have all the history of values for some
attributes such as the user login, group names, group members, etc. Is this
possible?

Thanks,
Juan Carlos
Click to expand...

Have you turned on auditing yet for directory service access and account
management?
 
J

Juan Carlos

Thanks for your answer.

Yes I do. And I've turned on also the audits for the specific objects in
Active Directory. The events generated in the "Event log" are account events
and "directory service" events when the objects are accessed.

But what I cant get from the event log is for example (I'm particularly
interested in this) the new value when a user's login is changed. The
information about what attributes were modified is written in the log, but
not the value of the attributes. For some properties (such as the user
"name") it is shown, but for others (many) not.
I want to know if there is a way to get/track this
information/modifications.

I'm using Windows 2000. I may use Windows 2003 if this worked in that OS,
but I've got no information out there about this in Windows 2003.

Thanks a lot,

Juan Carlos
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Making attributes private in Active Directory 1
Active Directory Permissions 1
Last user login information differs on Active Directory Servers 5
Step-by-Step Guide to Using Active Directory Schema and Display Specifiers 0
Can not publish printers in Active Directory 2
Active Directory Services 1
Active Directory 1
Add Attributes to your Active Directory Schema and Manage their Permissions Efficiently 2

Top