Configuring object-level auditing


Object-level auditing must be configured before the Mailbox Properties Changes and Mailbox Permission Changes reports can be accessed. It must be configured at two levels: the domain partition and the configuration partition.

Note: The steps below apply to all Windows Server versions.

Configuring object-level auditing in domain partition

  1. Go to Start → Administrative Tools → Active Directory Users and Computers.
  2. Select Advanced Features from the View menu.

  3. In the left pane, right-click on Domain and select Properties.
  4. Under the Security tab, click on Advanced to open the Advanced Security Settings for Domain window.

  5. Under the Auditing tab, click on Add to add the security principal object to which the policy will be applied.
  6. Enter the object name as Everyone and click on OK. This opens the Auditing Entry for Configuration window.

  7. In the Apply to/Apply onto field:
    • Select Descendant User Objects, if using Windows Server 2012 or above.
    • Select Descendant Users Objects, if using Windows Server 2008.
    • Select User Objects, if using Windows Server 2003.
  8. Select Successful for the following permissions (for Windows Server 2008 and below):
    • Write All Properties
    • Delete
    • Modify Permissions
    • All Extended Rights

    Note: Select the permissions given in the image (for Windows Server 2012 and above).

    Configuring Object level Auditing

  9. Click on OK.
    Note: Once the domain partition is configured, all available data in the event logs will be fetched. If the event logs contain no data, wait for the desired event to occur and for event collection to happen.

Configuring object-level auditing in configuration partitions

Object-level auditing in configuration partitions should be configured for accessing organization change-related reports. Upon configuration, events related to organization changes will be recorded in the Security Log of Event Viewer. Based on these event details, the organization change reports are generated.

  1. Go to Start → Administrative Tools → ADSI Edit.
  2. Select Configuration Partition.
  3. In the left pane, right-click on the CN=Configuration and select Properties.

  4. Under the Security tab, click on Advanced to open the Advanced Security Settings for Configuration window.

  5. Under the Auditing tab, click on Add to add the security principal object to which the policy should be applied.
  6. Enter the object name as Everyone and click on OK. This opens the Auditing Entry for Configuration window.

  7. Select the following Access/Permissions:
    • Write All Properties
    • Delete
    • Modify Permissions
    • All Extended Rights
    • Create all child objects

  8. Set the Apply onto/Apply to field as follows:
    • If Windows Server 2003, select This object and all child objects.
    • If Windows Server 2008, select This object and all descendant objects.
    • If Windows Server 2012 or above, select This object and all the descendant objects.
  9. Select the Type as Successful.

  10. Click OK.
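
To confirm the result of both procedures without clicking back through the dialogs, the script below reads the SACL on each partition root and reports which of the listed permissions still lack a successful-access audit entry for Everyone. It is an added example, not part of the original documentation. It assumes the RSAT ActiveDirectory module, an account allowed to read SACLs, the usual mapping of the GUI labels to ActiveDirectoryRights values, and the Windows Server 2008-and-below permission list for the domain partition; the function name Get-MissingAuditRights is hypothetical.

```powershell
Add-Type -AssemblyName System.DirectoryServices
Import-Module ActiveDirectory

$Everyone = 'S-1-1-0'                                     # well-known SID for Everyone
$UserGuid = [Guid]'bf967aba-0de6-11d0-a285-00aa003049e2'  # schemaIDGUID of the user class

function Get-MissingAuditRights {
    param(
        [string]$DistinguishedName,
        [System.DirectoryServices.ActiveDirectoryRights]$Required,
        [Guid]$InheritedObjectType = [Guid]::Empty        # Empty = all object classes
    )
    # Reading a SACL requires the "Manage auditing and security log" user right.
    $acl   = Get-Acl -Path "AD:\$DistinguishedName" -Audit
    $rules = $acl.GetAuditRules($true, $false, [System.Security.Principal.SecurityIdentifier])
    $covered = 0
    foreach ($rule in $rules) {
        if ($rule.IdentityReference.Value -ne $Everyone) { continue }
        # Only entries that audit successful access count.
        if (-not ($rule.AuditFlags -band [System.Security.AccessControl.AuditFlags]::Success)) { continue }
        # The entry must propagate to child objects, not stop at the root.
        if ($rule.InheritanceType -eq 'None') { continue }
        # "Descendant User objects" carries the user class GUID here.
        if ($rule.InheritedObjectType -ne $InheritedObjectType) { continue }
        # An entry scoped to one property or one extended right is not "All".
        if ($rule.ObjectType -ne [Guid]::Empty) { continue }
        $covered = $covered -bor [int]$rule.ActiveDirectoryRights
    }
    # Rights from $Required that no matching entry audits (0 = fully configured)
    [System.DirectoryServices.ActiveDirectoryRights]([int]$Required -band (-bnot $covered))
}

# Domain partition: Write All Properties, Delete, Modify Permissions, All Extended Rights
$domainMissing = Get-MissingAuditRights -DistinguishedName (Get-ADDomain).DistinguishedName `
    -Required 'WriteProperty, Delete, WriteDacl, ExtendedRight' -InheritedObjectType $UserGuid

# Configuration partition: the same four plus Create all child objects
$configMissing = Get-MissingAuditRights -DistinguishedName (Get-ADRootDSE).configurationNamingContext `
    -Required 'WriteProperty, Delete, WriteDacl, ExtendedRight, CreateChild'

[pscustomobject]@{ Partition = 'Domain';        MissingRights = $domainMissing }
[pscustomobject]@{ Partition = 'Configuration'; MissingRights = $configMissing }
```

A MissingRights value of 0 means every listed permission is audited for that partition; any named right in the output still needs an audit entry. The script only reads the SACL and changes nothing.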