140 likes | 390 Views
Module 7: Auditing Active Directory Domain Services Changes. Module Overview. What’s New with AD DS Auditing Implementing AD DS Change Auditing. Lesson 1: What’s New with AD DS Auditing. Auditing Overview Auditing with Windows Server 2008. Auditing Overview. Audit directory service access.
E N D
Module Overview • What’s New with AD DS Auditing • Implementing AD DS Change Auditing
Lesson 1: What’s New with AD DS Auditing • Auditing Overview • Auditing with Windows Server 2008
Auditing Overview Audit directory service access Directory service access events Description 566A generic object operation took place
Auditing with Windows Server 2008 Audit Directory Service Access Directory Service Access Directory Service Changes Directory Service Replication Detailed Directory Service Replication
Lesson 2: Implementing AD DS Change Auditing • Global Audit Policy • System Access Control List • Schema • New AD DS Auditing Events • Attribute Syntaxes
Global Audit Policy Windows Server 2000 and Windows Server 2003 Directory service access events Description 566A generic object operation took place Windows Server 2008 Directory service access events Description 4662 generic object operation took place
Schema Schema Event Type 1 Event Type 2 Event Type 3 Event Type 4 Event Type 5 Audited
New AD DS Auditing Events Modify 5136 Create 5137 Undelete 5138 Move 5139
Attribute Syntaxes Registry setting information is as follows: • Location: HKLM\System\CurrentControlSet\Services\NTDS\Setting name: MaximumStringBytesToAudit • Type: REG_DWORD • Values • Default registry value: 1000 • Minimum registry value: 0 • Maximum registry value 64000
Review • What’s New with AD DS Auditing • Implementing AD DS Change Auditing
Lab: Using AD DS Auditing • Exercise 1: Set-up AD DS Auditing • Exercise 2: Create and View Auditing Events