Configuring domain controllers for Exchange auditing


The default Domain Controller Policy should be configured for accessing Mailbox Properties Changes and Mailbox Permission Changes reports. Upon configuration, events related to mailbox permission and property changes will be recorded in the Security Log of Event Viewer. Based on the event details fetched from there, the permission and property change reports are generated.

Configuring audit policy in domain controllers

  1. Log on to a Domain Controller as an administrator.
  2. Open Group Policy Management Editor. Based on your Windows Server version, follow the below mentioned steps to open it.
    • Windows Server 2012 and above:
      • Go to Start → Administrative tools → Group Policy Management.
      • Navigate to Forest Name → Domains → Domain Name → Group Policy Objects. Right-click on Default Domain Controller Policy and choose Edit.
      • In the left pane, navigate to Computer Configuration → Policies → Windows Settings → Security Settings → Local Policies → Audit Policy.
      • Configuring Domain Controller Policy
    • Windows Server 2008
      • Go to Start → Administrative tools → Group Policy Management.
      • Navigate to Forest Name → Domains → Domain Name → Group Policy Objects. Right-click on Default Domain Controller Policy → Edit.
        Configuring Domain Controller Policy
      • In the left pane, navigate to Computer Configuration → Policies → Windows Settings → Security Settings → Local Policies → Audit Policy.
    • Windows Server 2003
      • Go to Start → Administrative Tools → Domain Controller Security Policy.
      • In the left pane, under Local Policies, select Audit Policy.
  3. In the right pane of Group Policy Management Editor, double-click the following policies one-by-one and enable Success and Failure settings.
    • Audit directory service access
    • Audit object access.
    • Configuring Domain Controller Policy
  4. Expand Advanced Audit Policy Configuration in the left pane.
  5. Select DS Access.
  6. In the right pane, double-click the following policy and enable Success setting for Audit Directory Service Changes.
  7. Select Account Management in the left pane.
  8. In the right pane, double-click the following policy and enable Success setting for Audit Distribution Group Management.
  9. Configuring Domain Controller Policy

Note: On configuring, all the available event logs will be fetched. If there are no event logs, please wait for the event to occur and log collection to happen.

Copyright © 2021, ZOHO Corp. All Rights Reserved.