Active Directory Monitoring - GPO

i trying setup security audits on when user accounts created, deleted or modified within active directory can't work properly.

steps have done..

withing gpo management:

1.  edit default domain controller policy
2. computer configuration -> windows settings -> security settings -> local policies -> audit policy.
3. enabled audit account logins events, enagled account manamgment, en abled directory service access/
4. make sure success , failure events applied.

ran gpupdate /force created ad account, deleted , ad account.  looked in security audit logs in event viewer..don't see instance.

-

---

brian clanton

hi,

thanks post.

please try enable below setting , check if issue persists.

computer configuration\windows settings\security settings\advanced audit configuration\account management

configure: audit user account management success , failure

besides, try create new gpo, enable necessary policies , link domain. after that, create new account , check if can find related event on dc.

best regards,

alvin wang

---

please remember mark replies answers if , un-mark them if provide no help. if have feedback technet subscriber support, contact tnmff@microsoft.com.

Windows Server  >  Group Policy