1. Run the below command within an elevated command window on the Dirsync Pro (DSP) server:
Auditpol.exe /get /category:*
2. Note the results of step 1
3. Run the following on the PDC/Source AD servers; the below command will temporarily fully enable the Auditing functionality on the respective servers:
auditpol /set /subcategory:"User Account Management" /success:enable /failure:enable
auditpol /set /subcategory:"Computer Account Management" /success:enable /failure:enable
auditpol /set /subcategory:"Security Group Management" /success:enable /failure:enable
auditpol /set /subcategory:"Distribution Group Management" /success:enable /failure:enable
auditpol /set /subcategory:"Application Group Management" /success:enable /failure:enable
auditpol /set /subcategory:"Other Account Management Events" /success:enable /failure:enable
auditpol /set /subcategory:"Directory Service Changes" /success:enable
auditpol /set /subcategory:"Directory Service Access" /success:enable
auditpol /set /subcategory:"Directory Service Replication" /success:enable
auditpol /set /subcategory:"Detailed Directory Service Replication" /success:enable
auditpol /set /subcategory:"Kerberos Service Ticket Operations" /success:enable
auditpol /set /subcategory:"Kerberos Authentication Service" /success:enable
auditpol /set /subcategory:"Credential Validation" /success:enable
4. Re-run below on the DSP server:
Auditpol.exe /get /category:*
You should see all the audit related policies enabled on the respective source and/or target DCs configured with DSP.
Now re-run the pertinent DSP profile to confirm SID History is successfully migrated.
© ALL RIGHTS RESERVED. Terms of Use Privacy Cookie Preference Center