If a user removes an ACE from the domain root object and you then search Change Auditor for all actions of the user who made the change, no data is returned.
The Domain Root Schema Class object is not included by default.
To capture changes made to the DACL of the Domain Root, the “DomainDNS” Schema Class must be added to Active Directory Audit Configuration. This allows the Domain Root (DomainDNS) attributes to appear in the monitored Attributes list.
The nTSecurityDescriptor attribute must be moved to the monitored attributes list, since permissions (DACL) are stored in this attribute.
Complete the following steps to capture changes to the DACL at the domain root.
Refresh the configuration for all the agents on Domain Controllers.
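The following PowerShell is an added example, not part of the original article or of Change Auditor. It reads the DACL held in the domain root's nTSecurityDescriptor and compares it with a saved baseline, which gives an independent check that an ACE removal at the domain root is visible. It assumes the RSAT ActiveDirectory module is installed; the baseline path is a hypothetical placeholder whose folder must already exist.

```powershell
# Added example: baseline and diff the DACL on the domain root (domainDNS object).
Import-Module ActiveDirectory

$BaselinePath = 'C:\Baselines\domainroot-dacl.csv'   # hypothetical location
$domainDN     = (Get-ADDomain).DistinguishedName

# Get-Acl on the AD: drive returns the object's security descriptor
# (the nTSecurityDescriptor attribute).
$acl = Get-Acl -Path "AD:\$domainDN"

# Flatten each ACE into string fields so it survives a CSV round trip.
$current = $acl.Access | ForEach-Object {
    [pscustomobject]@{
        Identity            = $_.IdentityReference.Value
        Type                = $_.AccessControlType.ToString()
        Rights              = $_.ActiveDirectoryRights.ToString()
        ObjectType          = $_.ObjectType.ToString()
        InheritedObjectType = $_.InheritedObjectType.ToString()
        Inheritance         = $_.InheritanceType.ToString()
        IsInherited         = $_.IsInherited.ToString()
    }
}

if (-not (Test-Path -Path $BaselinePath)) {
    # First run: record the known-good DACL.
    $current | Export-Csv -Path $BaselinePath -NoTypeInformation
    Write-Output "Baseline written: $(@($current).Count) ACEs"
}
else {
    $props    = 'Identity','Type','Rights','ObjectType',
                'InheritedObjectType','Inheritance','IsInherited'
    $baseline = Import-Csv -Path $BaselinePath
    $diff     = Compare-Object -ReferenceObject $baseline `
                               -DifferenceObject $current -Property $props

    # '<=' means the ACE exists only in the baseline (removed since then);
    # '=>' means the ACE was added since the baseline.
    $diff | Select-Object @{ n = 'Change'; e = {
                if ($_.SideIndicator -eq '<=') { 'Removed' } else { 'Added' } } },
            Identity, Type, Rights, ObjectType |
        Format-Table -AutoSize
}
```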