To enable this, you’ll need to open Active Directory Objects Editor (ADUC) and peruse the properties of each object in the domain container. Once in the properties of an object, open the Security Tab and select the ‘Advanced’ button. On the Advanced screen, select the Edit Auditing tab and click ‘Add’ to choose which user/security groups you would like to audit.

In the Advanced Security Settings window (from step 1), select the ‘Auditing’ tab and place a check for the events you wish to audit. Generally, success and failures are checked but additionally you can set auditing for individual user access (read, write, delete, etc.).

Enabling audits in Active Directory will cause increased disk utilization and could potentially slow performance so it is recommended to periodically measure performance impact while enabled.