With Native AD Auditing
With ADAudit Plus
ADAudit Plus generates reports by picking up and processing information from the Event Viewer. Therefore Audit Policy has to be first configured on the server for ADAudit Plus to create audit reports.
Open ADAudit Plus console and click on the Reports tab. Select User Management and navigate to Extended Attribute Changes report. This is a comprehensive report that provides all the necessary information in one place. It shows Here is a sample report:
Enable Audit Policy
Open Server Manager on your Windows server.
Under the Manage tab, click on Group Policy Management to open the Group Policy Management Console.
Navigate to Forest > Domain > Your Domain > Domain Controllers.
You can choose to either edit an existing group policy object or create a new one.
In the Group Policy Editor, navigate to Computer Configuration > Windows Settings > Security Settings > Advanced Audit Policy Configuration.
Expand the node and click on DS Access and then configure Audit DirectoService Changes. Enable it for both Success and Failure.
Using native AD tools
Use Windows Event Viewer to track the attribute change
Windows Event Viewer records changes to any object in the directory that has been set up for auditing. Each event is associated with a unique event ID.
To view or access the event logs, open Event Viewer and click on Windows Logs tab on the left pane. Then select the Security tab to view the relevant event logs in the center pane. Look for event ID 5136 which is triggered when a directory object is modified.
Click on the relevant event to get more details about it. The details would include the both the original and the modified attribute value of the directory object. Administrators will have to manually check every event one by one to find all the modified object attributes in the directory.
Native auditing becoming a little too much?
Simplify Active Directory auditing and reporting with ADAudit Plus.Get Your Free Trial Fully functional 30-day trial