Unable to activate Directory Service Changes Logs in Server 2008

hello there,

i want activate directory service changes logs on domain controller running on server 2008. have performed following steps mentioned on microsoft site.

steps set auditing

this section includes procedures each of primary steps enabling change auditing:

• step 1: enable audit policy.
  
• step 2: set auditing in object sacls using active directory users , computers.

after performing these steps, able logs modifications in user objects, when create new user object in active directory, event 5137 doesnt show in security logs.

i getting event 5136 modification occured in directory services.

please me out.

---

network engineer

hi,

 

please try following steps:

 

1.     run auditpol /get /category:* on windows server 2008 dc, , verify directory service changes enabled.

2.     right-click container in active directory users , computers, select properties, select security tab, click advanced, select auditing tab, click add.

3.     type user name, click ok, select this object , descendant objects in apply onto list, click successful , failed of full control, click ok.

4.     now, should see event after create object in container user account typed in step 3.

 

hope helps.

---

this posting provided "as is" no warranties, , confers no rights. please remember click “mark answer” on post helps you, , click “unmark answer” if marked post not answer question. can beneficial other community members reading thread.

Windows Server  >  Directory Services