How to Enable Auditing of Directory Service Access

ID: Q232714

The information in this article applies to:
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Datacenter Server
  • Microsoft Windows 2000 Server

SUMMARY

Administrators can monitor access to Active Directory, causing successful and "failed" audit attempts to be logged in the Directory Service event log. This event log is present only on Windows 2000 domain controllers.


MORE INFORMATION

To enable auditing of Active Directory:

  1. Start the Active Directory Users and Computers snap-in by clicking Start, pointing to Programs, and then pointing to Administrative Tools.


  2. On the View menu, click Advanced Features.


  3. Right-click the Domain Controllers container, and then click Properties.


  4. Click the Group Policy tab.


  5. Click Default Domain Controller Policy, and then click Edit.


  6. Double-click the following items to open them: Computer Configuration, Windows Settings, Security Settings, Local Policies, Audit Policy.


  7. In the right pane, open Audit Directory Services Access.


  8. Click the appropriate option(s): Audit Successful Attempts and/or Audit Failed Attempts.


  9. Open the Security Log to view logged events.


NOTE: In Windows 2000, domain controllers poll for policy changes every five minutes. Other domain controllers in the enterprise receive the changes at this interval plus the time of replication.

Additional query words:

Keywords : kbenv kbtool
Version : WINDOWS:2000
Platform : WINDOWS
Issue type : kbhowto


Last Reviewed: December 30, 1999
© 2000 Microsoft Corporation. All rights reserved. Terms of Use.