Skip to Main Content
Active Directory, 3rd Edition
book

Active Directory, 3rd Edition

by Joe Richards, Robbie Allen, Alistair G. Lowe-Norris
January 2006
Beginner content levelBeginner
832 pages
27h 52m
English
O'Reilly Media, Inc.
Content preview from Active Directory, 3rd Edition

Designing Auditing Schemes

Designing auditing schemes, in contrast to permissions, is a relatively easy process. Imagine the circumstances in which you may need to check what is happening in Active Directory, and then set things up accordingly.

Warning

You must remember that every Active Directory event that is audited causes the system to incur extra processing. Having auditing turned on all the time at the root for every modification by anyone is a great way to get all DCs to really slow down if a lot of Active Directory access occurs on those DCs.

That point bears repeating. Auditing changes to any object in the domain Naming Context (NC) will propagate domain-wide and cause logging to the security event log on every DC that services the Domain NC. Auditing changes to the Configuration NC or Schema NC will cause all DCs in a forest to begin auditing to their security event logs. You must have tools in place to retrieve logs from multiple DCs if you wish to see every security event that occurs. After all, if you have 100 DCs and are logging Configuration NC changes, then because changes can occur on any DC, you need to amalgamate 100 security event logs to gather a complete picture.[*]

Here are a few examples where designing auditing schemes could come in handy:

  • Someone complains that user details are being set to silly values by someone else as a joke.

  • You notice that new objects you weren't expecting have been created or deleted in a container.

  • The Active Directory hierarchy has ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

Active Directory, 4th Edition

Active Directory, 4th Edition

Brian Desmond, Joe Richards, Robbie Allen, Alistair G. Lowe-Norris
Active Directory, Second Edition

Active Directory, Second Edition

Robbie Allen, Alistair G. Lowe-Norris

Publisher Resources

ISBN: 0596101732Supplemental ContentErrata Page