SACLs to enable OU Management Audit

The audit policy is the policy that determines which security events are reported to the network administrator.

To allow ADAudit Plus to report on security events, the audit policy must be defined accordingly in the auditing settings of the ADUC ("Active Directory Users and Computers") console on your Domain Controller.

To perform this procedure, you must be a member of the Domain Admins group or the Enterprise Admins group in Active Directory, or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure.   

  1. Open "Active Directory Users and Computers".

    1. (Click "Start" --> click "Control Panel" --> double-click "Administrative Tools" --> double-click "Active Directory Users and Computers".)

  2. In the console tree, right-click the "domain"

  3. Click “Properties”, and then click the “Security” tab.

  4. Click "Advanced" to open the "Advanced Security Settings for the Domain" window.

  5. Click "Add", select the security principal to which the auditing entry should apply (in this case, "Everyone"), and click "OK".

  6. This opens the "Auditing Entries for the Domain" window.

To get an audit trail from Active Directory for the creation or deletion of Organizational Unit objects, select the following auditing entries:

  1. Set "Apply onto" to "This object and all child objects".

  2. Select the Success check box for the following audit entries:

    1. Create Organizational Unit Objects

    2. Delete Organizational Unit Objects

To get an audit trail from Active Directory for Write All Properties, Delete, and Modify Permissions on Organizational Unit objects, select the following auditing entries:

  1. Set "Apply onto" to "Organizational Unit objects".

  2. Select the Success check box for the following audit entries:

    1. Write All Properties

    2. Delete

    3. Modify Permissions

To get an audit trail from Active Directory for the creation of child objects (Users, Groups, Computers) in an OU, select the following auditing entries:

  1. Set "Apply onto" to "This object and all child objects".

  2. Select the Success check box for the following audit entries:

    1. Create User Objects

    2. Create Group Objects

    3. Create Computer Objects

The following table summarizes the SACLs for OU auditing (object to set the SACL on, principal, type, accesses, and scope):

SACLs to create and delete OU objects
  Object to set SACL on: Domain
  Principal: Everyone
  Type: Success
  Accesses: Create organizationalUnit Object, Delete organizationalUnit Object
  Scope: This object and all child objects

SACLs for Write All Properties, Delete, and Modify Permissions on Organizational Unit objects
  Object to set SACL on: Domain
  Principal: Everyone
  Type: Success
  Accesses: Write All Properties, Delete, Modify Permissions
  Scope: Organizational Unit objects

SACLs to audit the creation of child objects (Users, Groups, Computers) in an OU
  Object to set SACL on: Domain
  Principal: Everyone
  Type: Success
  Accesses: Create user Object, Create group Object, Create computer Object
  Scope: This container and all sub-containers and objects
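The same three auditing entries applied from PowerShell instead of the ADUC dialogs, as an added example that is not part of the ADAudit Plus documentation. It assumes the RSAT ActiveDirectory module (for the AD: drive, Get-ADDomain, Get-ADRootDSE and Get-ADObject) and a Domain Admins session; the GUI labels "Write All Properties", "Delete" and "Modify Permissions" are assumed to map to the WriteProperty, Delete and WriteDacl rights, and the schema GUIDs for organizationalUnit, user, group and computer are looked up at runtime rather than hardcoded.

```powershell
Import-Module ActiveDirectory

$domainDN = (Get-ADDomain).DistinguishedName
$adPath   = "AD:\$domainDN"
$everyone = [System.Security.Principal.SecurityIdentifier]'S-1-1-0'   # well-known SID for "Everyone"
$success  = [System.Security.AccessControl.AuditFlags]::Success
$schemaNC = (Get-ADRootDSE).schemaNamingContext

# Resolve a class name (lDAPDisplayName) to its schemaIDGUID from the schema partition.
function Get-SchemaGuid([string]$ldapDisplayName) {
    $cls = Get-ADObject -SearchBase $schemaNC -LDAPFilter "(lDAPDisplayName=$ldapDisplayName)" -Properties schemaIDGUID
    [guid]$cls.schemaIDGUID
}

$ouGuid = Get-SchemaGuid 'organizationalUnit'
$all    = [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All          # "This object and all child objects"
$desc   = [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents  # used with an inherited object type
$rules  = @()

# 1. Create / Delete Organizational Unit objects, applied to this object and all child objects.
$rules += [System.DirectoryServices.ActiveDirectoryAuditRule]::new($everyone,
    [System.DirectoryServices.ActiveDirectoryRights]'CreateChild, DeleteChild', $success, $ouGuid, $all)

# 2. Write All Properties, Delete, Modify Permissions, applied to "Organizational Unit objects" only
#    (assumed mapping: Modify Permissions = WriteDacl, Write All Properties = WriteProperty without an object type).
$rules += [System.DirectoryServices.ActiveDirectoryAuditRule]::new($everyone,
    [System.DirectoryServices.ActiveDirectoryRights]'WriteProperty, Delete, WriteDacl', $success, $desc, $ouGuid)

# 3. Create User / Group / Computer objects, applied to this object and all child objects.
foreach ($cls in 'user', 'group', 'computer') {
    $rules += [System.DirectoryServices.ActiveDirectoryAuditRule]::new($everyone,
        [System.DirectoryServices.ActiveDirectoryRights]::CreateChild, $success, (Get-SchemaGuid $cls), $all)
}

# -Audit is required so the returned security descriptor carries the SACL, not only the DACL.
$acl = Get-Acl -Path $adPath -Audit
foreach ($r in $rules) { $acl.AddAuditRule($r) }
Set-Acl -Path $adPath -AclObject $acl

# Verify: list the audit entries now present for Everyone on the domain root.
(Get-Acl -Path $adPath -Audit).Audit |
    Where-Object { $_.IdentityReference.Value -eq 'Everyone' } |
    Format-Table ActiveDirectoryRights, AuditFlags, ObjectType, InheritanceType, InheritedObjectType -AutoSize
```

Object-level SACLs only take effect once the "Audit directory service access" policy is also enabled on the Domain Controllers, as the text above notes for the audit policy; the verification step shows which entries are present but not whether that policy is on.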

Copyright © 2020, ZOHO Corp. All Rights Reserved.