This section provides step-by-step procedures
for enabling auditing of changes to objects in AD DS. This process
consists of two primary steps:
1: Enable audit policy.
2: Set up auditing in object SACLs by using Active Directory Users and Computers.
Step 1: Enable audit policy.
Click Start, point to Administrative Tools, and then Group
In the console tree, double-click the name of the forest,
double-click Domains, double-click the name of your domain,
double-click Domain Controllers, right-click Default
Domain Controllers Policy, and then click Edit.
Under Computer Configuration, double-click Policies, double-click Windows
double-click Security Settings, double-click Local
and then click Audit Policy.
In the details pane, right-click Audit
directory service access, and then click Properties.
Select the Define these policy settings check box.
Under Audit these attempts, select the Success check box, and then
Step 2: Set up auditing in object SACLs.
The following procedure presents an example of just one of many different types
of SACLs that you can set in AD. You can configure additional SACLs based on the operations that you want to audit.
To set up auditing in object SACLs
Click Start, point to Administrative Tools,
and then click Active
Directory Users and Computers.
Right-click the organizational unit (OU) (or any object) for which you want to enable
auditing, and then click Properties.
Click the Security tab, and then click the Auditing tab.
Click Add, and under Enter the object name to select,
type Authenticated Users (or any other security principal), and then click OK.
In Apply onto, click This object and all descendant objects.
Under Access, select the Successful check box for Write all properties. If you want to audit creation and deletion of objects, select the Successful check box for Delete, Delete subtree and Create all child objects too.
Click OK until you exit
the property sheet for the OU or other object.
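
The SACL entry from Step 2 can also be applied and read back with PowerShell. This is an added example, not part of the original procedure; the OU distinguished name is a placeholder, and it assumes the ActiveDirectory module (RSAT) and an account allowed to modify the OU's SACL.

```powershell
# Added example: scripted equivalent of the Step 2 SACL entry.
Import-Module ActiveDirectory                      # provides the AD: drive
Add-Type -AssemblyName System.DirectoryServices

# Assumption: placeholder distinguished name; replace with your own OU.
$ouDn   = 'OU=ExampleOU,DC=example,DC=com'
$adPath = "AD:\$ouDn"

# Authenticated Users (well-known SID S-1-5-11), the principal used in Step 2.
$principal = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-11'

# Write all properties, plus Delete, Delete subtree and Create all child objects.
$rights = [System.DirectoryServices.ActiveDirectoryRights]'WriteProperty, Delete, DeleteTree, CreateChild'

# Successful attempts, applied to this object and all descendant objects.
$flags   = [System.Security.AccessControl.AuditFlags]::Success
$inherit = [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All

$rule = New-Object -TypeName System.DirectoryServices.ActiveDirectoryAuditRule `
                   -ArgumentList $principal, $rights, $flags, $inherit

# -Audit is required; without it Get-Acl does not return the SACL.
$acl     = Get-Acl -Path $adPath -Audit
$sidType = [System.Security.Principal.SecurityIdentifier]

# Skip the write if an equivalent explicit entry is already present.
$existing = $acl.GetAuditRules($true, $false, $sidType) | Where-Object {
    $_.IdentityReference -eq $principal -and
    $_.AuditFlags -eq $flags -and
    ($_.ActiveDirectoryRights -band $rights) -eq $rights -and
    $_.InheritanceType -eq $inherit
}

if (-not $existing) {
    $acl.AddAuditRule($rule)
    Set-Acl -Path $adPath -AclObject $acl
}

# Read the SACL back to confirm what is now audited on the OU.
(Get-Acl -Path $adPath -Audit).GetAuditRules($true, $true, $sidType) |
    Select-Object IdentityReference, AuditFlags, ActiveDirectoryRights,
                  InheritanceType, IsInherited

# Read-only check of the effective Step 1 setting on a domain controller.
auditpol /get /category:"DS Access"
```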