How to enable Active Directory access auditing in Windows 2000 (314977)

SUMMARY

This step-by-step article describes how to enable Active Directory access auditing in Windows 2000. The Active Directory should be audited to assess when authorized and unauthorized access is attempted. You can configure auditing of the Active Directory database. After you enable auditing, you can view the audit information in the security log that is located in the Event Viewer. Note that this log is only present on computers that are acting as Active Directory domain controllers. This article describes how you can enable Active Directory for auditing access.

back to the top

Enable Auditing of Active Directory Access

To audit access to the Active Directory:

1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
2. Right-click your domain name, point to View, and then click Advanced Features.
3. Right-click the Domain Controllers node in the left pane of the console, and then click Properties.
4. In the Properties dialog box, click the Group Policy tab.
5. Click Default Domain Controller Policy, and then click Edit.
6. Expand the following nodes in the following order: Computer Configuration, Windows Settings, Security Settings, Local Policies and then Audit Policy.
7. Scroll through the list of options in the right pane until you find the Audit Directory Services Access entry, and then double-click that entry.
8. Click the Audit Successful Attempts and/or the Audit Failed Attempts options as required by your network environment. Click OK.
9. Click OK, and then quit the Active Directory Users and Computers console.

back to the top

Troubleshooting

The policy change will not take place immediately. Active Directory domain controllers automatically check for policy changes to domain controller policy every five minutes. Replication intervals also must be considered for the policy to propagate throughout all domain controllers in the organization.

back to the top