Audit Policies must be configured for respective computers that require audit.
Specific audit entries (SACLs) must be enabled for audit objects.
Configuring Audit Policy:
Audit Policies must be configured in any Active Directory environment; this ensures that relevant audit data are logged into the security logs of desired computers / domain controllers. ADAudit Plus will be able to collect and report audit data only for audit policy enabled computers.
To audit the entire Active Directory – The Default Domain Controller policy must be configured.
To audit File Servers – Audit Policy must be configured for the specific File Servers from where audit data is required.
To audit Member Servers - Audit Policy must be configured for the specific Member Servers from where audit data is required.