WinSecWiki > Security Settings > Local Policies > Audit Policy > DS Access > Access

Directory Service Access

This category only generates events on domain controllers and tracks access attempts on Active Directory objects (which have object level auditing enabled) but not changes to those objects. See Directory Service Changes. Typically I recommend disabling this category and using Directory Service Changes to track actual changes. To configure this on Server 2008 you must use auditpol. Server 2008 R2 and later can use Group Policy.

Coverage on events generated by this category are currently in the Security Log Encyclopedia:

Event ID	Title
4661	A handle to an object was requested
4662	An operation was performed on an object
5139	A directory service object was moved.

Upcoming Webinars

Anatomy of a Cloud Hack: The Cloudflare/Okta Compromise – A Story of Tokens, Lateral Movement, Persistence and the Salvation of Zero Trust and Hard MFA Tokens

Additional Resources

DS Access

•	Access
•	Changes
•	Replication
•	Detailed Replication

User name:
Password:
	/ Forgot?
	Register

April 2024 Patch Tuesday	"Patch Tuesday - One Zero Day and Record Number of Patches! " - sponsored by LOGbinder

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2024 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.