WinSecWiki > Security Settings > Local Policies > Audit Policy > DS Access > Access

Directory Service Access

This category only generates events on domain controllers and tracks access attempts on Active Directory objects (which have object level auditing enabled) but not changes to those objects. See Directory Service Changes. Typically I recommend disabling this category and using Directory Service Changes to track actual changes. To configure this on Server 2008 you must use auditpol. Server 2008 R2 and later can use Group Policy.

Coverage on events generated by this category are currently in the Security Log Encyclopedia:

Event IDTitle
4661 A handle to an object was requested
4662 An operation was performed on an object
5139 A directory service object was moved.

Back to top


Additional Resources