How do I set up Active Directory auditing?

Here are the steps to set up Active Directory auditing:

  1. Enable Advanced Auditing
    Go to Server Manager > Tools > Group Policy Management > Forest > Domains > DomainName > Default Domain Policy > expand Computer Configuration > Policies > Windows Settings > Security Settings > Advanced Audit Policy Configuration
  2. Create an audit policy
    Create a new policy with the settings needed to monitor Active Directory objects and services.
  3. Set up the audit logging
    Enable advanced audit logging under Control Panel > Administrative Tools > Local Security Policy > Local Policies > Audit Policy > Audit logon events. Ensure that 'Audit account logon events' is checked.
  4. Define a security filter
    Set the security filter in the Default Domain Policy on each domain controller to control which individual objects will be tracked in Active Directory.
  5. Configure the Domain Controller auditing
    Configure the audit policy in the Default Domain Controller Policy on each domain controller to track authentication failures, account access, logon successes and failures, and other events.
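
To confirm that the settings from the steps above are in effect on a domain controller, the following PowerShell (an added example, not part of the original page) parses the CSV output of `auditpol /get /category:* /r` and reports which subcategories fall short of a baseline. The baseline subcategories, the `Get-AuditGap` function name and the sample rows are assumptions; the script also assumes an English-language system, because auditpol localizes subcategory and setting names.

```powershell
# Added example. The subcategory baseline below is an assumption chosen to match
# the logon, account logon and directory object auditing named in the steps.
$required = [ordered]@{
    'Logon'                           = 'Success and Failure'
    'Credential Validation'           = 'Success and Failure'
    'Kerberos Authentication Service' = 'Success and Failure'
    'Directory Service Access'        = 'Success and Failure'
    'Directory Service Changes'       = 'Success'
}

# Constructed sample in the CSV layout of `auditpol /get /category:* /r`
# (host name is made up, GUID column left empty).
$sample = @(
    'Machine Name,Policy Target,Subcategory,Subcategory GUID,Inclusion Setting,Exclusion Setting'
    'DC01,System,Logon,,Success and Failure,'
    'DC01,System,Credential Validation,,Failure,'
    'DC01,System,Kerberos Authentication Service,,Success and Failure,'
    'DC01,System,Directory Service Access,,No Auditing,'
)

function Get-AuditGap {
    param([string[]]$CsvLines, [System.Collections.IDictionary]$Required)
    # auditpol can emit blank lines around the CSV; drop them before parsing.
    $rows = $CsvLines | Where-Object { $_ -match '\S' } | ConvertFrom-Csv
    foreach ($name in $Required.Keys) {
        $row = $rows | Where-Object { $_.Subcategory -eq $name } | Select-Object -First 1
        # A subcategory missing from the output is reported as a gap, not skipped.
        $effective = if ($row) { $row.'Inclusion Setting' } else { 'Not reported' }
        # 'Success and Failure' satisfies any requirement; otherwise match exactly.
        $ok = ($effective -eq 'Success and Failure') -or ($effective -eq $Required[$name])
        [pscustomobject]@{
            Subcategory = $name
            Required    = $Required[$name]
            Effective   = $effective
            Compliant   = $ok
        }
    }
}

# On a domain controller, from an elevated prompt, use live output instead:
#   $lines = auditpol.exe /get /category:* /r
$lines  = $sample
$report = Get-AuditGap -CsvLines $lines -Required $required
$report | Format-Table -AutoSize

$gaps = @($report | Where-Object { -not $_.Compliant })
if ($gaps.Count) { Write-Warning "$($gaps.Count) subcategories are below the baseline" }
```

With the constructed sample, three subcategories are flagged: one set to Failure only, one set to No Auditing, and one absent from the output.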
