WinSecWiki > Security Settings > Advanced Audit Policies > DS Access > Directory Service Changes

Audit Directory Service Changes

This category only generates events on domain controllers and is very useful for tracking changes to Active Directory objects that have object level auditing enabled. These events not only tell you what object and property was changed and by whom but also the new value of the affected properties. To configure this on Server 2008 you must use auditpol. Server 2008 R2 and later can use Group Policy.

Coverage on events generated by this category are currently in the Security Log Encyclopedia:

Event ID	Title
5136	A directory service object was modified.
5137	A directory service object was created.
5138	A directory service object was undeleted.
5139	A directory service object was moved.
5141	A directory service object was deleted

Upcoming Webinars

Additional Resources

DS Access

•	Detailed Directory Service Replication
•	Directory Service Access
•	Directory Service Changes
•	Directory Service Replication

User name:
Password:
	/ Forgot?
	Register

April 2024 Patch Tuesday	"Patch Tuesday - One Zero Day and Record Number of Patches! " - sponsored by LOGbinder

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2024 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.