How to enable auditing of Active Directory objects in Windows Server?
- Login to the domain controller with administrative privileges.
- Start → Administrative tools → Group policy management console
- Navigate to the concerned domain/OU that houses the objects you want to audit.
- Right click on the concerned GPO and select 'Edit' .The Group Policy Management Editor opens up.
- Go to Computer Configuration → Policies → Windows Settings → Security Settings → Local Policies → Audit Policies
- Select "Audit object access" and select both the success and failure options to audit all accesses to every Active Directory object.