To do this you need to audit directory service access.
To enable auditing of Active Directory:
1. Start the "Active Directory Users and Computers" snap-in by clicking Start, pointing to Programs, and then pointing to Administrative Tools.
2. On the View menu, click Advanced Features.
3. Right-click the Domain Controllers container, and then click Properties.
4. Click the Group Policy tab.
5. Click Default Domain Controller Policy, and then click Edit.
6. Double-click the following items to open them: Computer Configuration, Windows Settings, Security Settings, Local Policies, Audit Policy.
7. In the right pane, open Audit Directory Services Access.
8. Click the appropriate option(s): Audit Successful Attempts and/or Audit Failed Attempts.
The Audit will look as follows and shows access to the groupPolicyContainer:
Event Type: Success Audit
Event Source: Security
Event Category: Directory Service Access
Event ID: 565
Date: 12/16/2003
Time: 2:08:14 PM
User: DOMAIN1\Administrator
Computer: DC1
Description:
Object Open:
Object Server: DS
Object Type: groupPolicyContainer
Object Name: CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=Domain1,DC=com
New Handle ID: 0
Operation ID: {0,20831424}
Process ID: 248
Primary User Name: DC1$
Primary Domain: DOMAIN1
Primary Logon ID: (0x0,0x3E7)
Client User Name: Administrator
Client Domain: DOMAIN1
Client Logon ID: (0x0,0x13DCEEB)
Accesses Write Property
Privileges -
Properties:
Write Property
%{00000000-0000-0000-0000-000000000000}
versionNumber
Tom Ausburne (MSFT)
Windows 2000 Directory Services
This posting is provided "AS IS" with no warranties, and confers no rights.
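
Added example (not part of the original post): a small Python parser for the text form of the event shown above, which reports which account wrote to which groupPolicyContainer. The sample input is the post's event with wrapped lines rejoined and some fields omitted; the function names are hypothetical.

```python
import re

# Constructed sample: the event text from the post, wrapped lines rejoined.
SAMPLE_EVENT = """\
Event Type: Success Audit
Event Category: Directory Service Access
Event ID: 565
User: DOMAIN1\\Administrator
Description:
Object Open:
Object Server: DS
Object Type: groupPolicyContainer
Object Name: CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=Domain1,DC=com
Client User Name: Administrator
Client Domain: DOMAIN1
Accesses Write Property
Properties:
Write Property
%{00000000-0000-0000-0000-000000000000}
versionNumber
"""

def parse_event(text):
    """Parse 'Key: value' lines, the colon-less 'Accesses' line and the Properties list."""
    fields, props, in_props = {}, [], False
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if in_props:
            props.append(line)              # everything after 'Properties:' is the property list
        elif line == "Properties:":
            in_props = True
        elif line.startswith("Accesses"):
            fields["Accesses"] = line[len("Accesses"):].lstrip(": \t")
        elif ":" in line:
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
    fields["Properties"] = props
    return fields

def gpo_write(event):
    """Return (account, GPO GUID) if the event is a write to a groupPolicyContainer, else None."""
    if event.get("Event ID") != "565" or event.get("Object Type") != "groupPolicyContainer":
        return None
    if "Write Property" not in event.get("Accesses", ""):
        return None
    guid = re.search(r"CN=(\{[0-9A-Fa-f-]{36}\})", event.get("Object Name", ""))
    who = f'{event.get("Client Domain", "?")}\\{event.get("Client User Name", "?")}'
    return who, guid.group(1) if guid else None
```

The account is taken from the Client User Name and Client Domain fields, because the Primary User Name in the event is the domain controller's own computer account (DC1$).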