To audit any Active Directory attribute that is not specifically defined in the Active Administrator, enable the “AD Object Changed” Event Definition in the Active Administrator Auditing & Alerting | Event Definitions. (figure 1).
The “General Events” definitions are provided for auditing changes to the attributes of Active Directory objects that are not otherwise specified in the other categories. This includes, AD Object Created, AD Object Deleted, and AD Object Renamed/Moved, (figure 1).
Figure 1
Please Note:
Enabling any or all of the definitions in the General Events section will cause the Active Administrator agent to collect a large amount of generic AD events, including those being captured under other more specific event definitions. In addition to the potential for duplicate events, a drastic increase in database size and activity may also occur.
It may be necessary to enable other audit policies in the Default Domain Controller policy, depending on the Active Directory attribute to be audited, (figure 2).
Figure 2
When a change is made to any Active Administrator undefined attribute, in this example the accountExpires attribute, the change event will now be captured in the Active Administrator Auditing section, (figure 3).
Figure 3
© ALL RIGHTS RESERVED. Feedback Termini di utilizzo Privacy Cookie Preference Center