Module 12: Auditing Active Directory Domain Services Changes

Overview

Identify new features in AD DS auditing

Implement AD DS auditing

Lesson 1: What’s New with AD DS Auditing

Identify the four new auditing subcategories

List the new capabilities enabled with the new auditing subcategories

Auditing Overview

Audit directory service access

Directory service access events

Event ID 566. Description: A generic object operation took place.

Auditing with Windows Server 2008

Audit Directory Service Access

Directory Service Access

Directory Service Changes

Directory Service Replication

Detailed Directory Service Replication

Lesson 2: Implementing AD DS Change Auditing

Describe the global audit policy

Describe the System Access Control List

Describe how the schema can be used to filter events that are audited

List the event ID for directory service access events

Describe attribute syntaxes

Global Audit Policy

Windows Server 2000 and Windows Server 2003

Directory service access events

Event ID 566. Description: A generic object operation took place.

Windows Server 2008

Directory service access events

Event ID 4662. Description: A generic object operation took place.

System Access Control List

SACL

Schema

Event Type 1

Event Type 2

Event Type 3

Event Type 4

Event Type 5

Audited

New AD DS Auditing Events

Modify 5136

Create 5137

Undelete 5138

Move 5139

Example 1

Example 2

Attribute Syntaxes

Registry setting information is as follows:

Location: HKLM\System\CurrentControlSet\Services\NTDS\

Setting name: MaximumStringBytesToAudit

Type: REG_DWORD

Values

Default registry value: 1000

Minimum registry value: 0

Maximum registry value: 64000