To capture Active Directory database events, you must:
The Active Directory Database Auditing page is displayed when Active Directory Database is selected from the Auditing task list in the navigation pane of the Administration Tasks page. From this page you can start the Active Directory Auditing wizard to monitor your Active Directory database for unauthorized access. You can also edit existing templates, disable/enable templates and remove templates that are no longer being used.
The Active Directory Database Auditing page contains an expandable view of all the templates that have been previously defined. To add a new template to the list, use the Add tool bar button.
Once added, the following information is provided for the template:
2 |
Click Auditing. |
3 |
Select Active Directory Database in the Auditing task list. |
4 |
Click Add to open the Active Directory Auditing wizard. |
7 |
Select one or more processes from the process list and click Add to move these processes to the exclusion list. By default, all processes (except lsass.exe) will be audited. |
8 |
Click Finish or Finish and Assign to Agent Configuration to assign the template to an agent configuration. |
• |
On the Agent Configuration page, select the agents assigned to use the modified agent configuration and click Refresh Configuration to ensure the agents are using the latest configuration. |
1 |
On the Active Directory Database Auditing page, select the required template and click Edit. This opens the Active Directory Database auditing wizard where you can modify the current settings. |
2 |
Click Finish to save your changes and return to the Active Directory Database Auditing page. |
Disabling a template temporarily stops auditing without having to remove the auditing template.
2 |
To enable the auditing template, select Enable in the Status cell. |
1 |
On the Active Directory Database Auditing page, select the required template and click Delete | Delete Template. |
2 |
Click Yes to confirm. |
The Active Directory Database Auditing wizard opens when you select Add on the Active Directory Database auditing page. This wizard steps you through the process of defining the Active Directory database processes to audit.
Select Active Directory Database processes to audit: On the first page of the wizard, enter a name for the template and select the Active Directory database processes that are exempt from auditing. | |
(Optional) Select processes exempt from auditing: Select the processes to exclude from auditing (for example, changes made by the processes specified on this page will be excluded from auditing). | |
Select one or more processes from the process list and click Add to move these processes to the exclusion list. By default, all processes (except lsass.exe) will be audited. You can also view processes on a different server or enter a process not listed in the process list. | |
The list box across the bottom of the page displays the objects that are exempt from auditing. Click Remove to remove a process from the exemption list. |
© ALL RIGHTS RESERVED. Conditions d’utilisation Confidentialité Cookie Preference Center