Microsoft KB Archive/314977

= How to enable Active Directory access auditing in Windows 2000 =

Article ID: 314977

Article Last Modified on 10/31/2006

-

APPLIES TO


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server

-



This article was previously published under Q314977





IN THIS TASK
SUMMARY
 * Enable Auditing of Active Directory Access
 * Troubleshooting



SUMMARY
This step-by-step article describes how to enable Active Directory access auditing in Windows 2000. The Active Directory should be audited to assess when authorized and unauthorized access is attempted. You can configure auditing of the Active Directory database. After you enable auditing, you can view the audit information in the security log that is located in the Event Viewer. Note that this log is only present on computers that are acting as Active Directory domain controllers. This article describes how you can enable Active Directory for auditing access.

back to the top

Enable Auditing of Active Directory Access
To audit access to the Active Directory:
 * 1) Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
 * 2) Right-click your domain name, point to View, and then click Advanced Features.
 * 3) Right-click the Domain Controllers node in the left pane of the console, and then click Properties.
 * 4) In the Properties dialog box, click the Group Policy tab.
 * 5) Click Default Domain Controller Policy, and then click Edit.
 * 6) Expand the following nodes in the following order: Computer Configuration, Windows Settings, Security Settings, Local Policies and then Audit Policy.
 * 7) Scroll through the list of options in the right pane until you find the Audit Directory Services Access entry, and then double-click that entry.
 * 8) Click the Audit Successful Attempts and/or the Audit Failed Attempts options as required by your network environment. Click OK.
 * 9) Click OK, and then quit the Active Directory Users and Computers console.

back to the top

Troubleshooting
The policy change will not take place immediately. Active Directory domain controllers automatically check for policy changes to domain controller policy every five minutes. Replication intervals also must be considered for the policy to propagate throughout all domain controllers in the organization.

back to the top

Keywords: kbhowto kbhowtomaster KB314977

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.