Active Directory Audit Tools

The action that's done. The user who took the action. The success or failure of the event, and the time that the event occurred.


Configure an audit policy setting for a domain controller.


When you configure an audit policy setting, you can audit objects, but you can't specify the object you want to audit.

SQL Server

Configure auditing for specific Active Directory objects.

  • After you specify the events to audit for files, folders, printers, and Active Directory objects, Windows Server 2003 tracks and logs these events.
  • You must grant the Manage Auditing And Security Log user right to the computer where you want to either configure an audit policy setting or review an audit log.
  • By default, Windows Server 2003 grants these rights to the Administrators group.
  • The files and folders that you want to audit must be on Microsoft Windows NT file system (NTFS) volumes.
  • Select Start > Programs > Administrative Tools, and then select Active Directory Users and Computers.
  • On the View menu, select Advanced Features. Right-click Domain Controllers, and then select Properties.

Select the Group Policy tab, select Default Domain Controller Policy, and then select Edit. Select Computer Configuration, double-click Windows Settings, double-click Security Settings, double-click Local Policies, and then double-click Audit Policy.

In the right pane, right-click Audit Directory Services Access, and then select Properties. Select Define These Policy Settings, and then select one or both of the following check boxes:.

Operating system

Success: Select this check box to audit successful attempts for the event category.

  • Failure: Select this check box to audit failed attempts for the event category.
  • Right-click any other event category that you want to audit, and then select Properties.
  • The changes that you make to your computer's audit policy setting take effect only when the policy setting is propagated or applied to your computer.
  • Complete either of the following steps to initiate policy propagation:.
  • Type gpupdate /Target:computer at the command prompt, and then press ENTER.

Wait for automatic policy propagation that occurs at regular intervals that you can configure. By default, policy propagation occurs every five minutes.

Coordinator software and configuration

Open the Security log to view logged events.

  • If you are either a domain or an enterprise administrator, you can enable security auditing for workstations, member servers, and domain controllers remotely.
  • Select Start > Programs > Administrative Tools, and then select Active Directory Users and Computers.

Make sure that you select Advanced Features on the View menu. Right-click the Active Directory object that you want to audit, and then select Properties.

Select the Security tab, and then select Advanced. Select the Auditing tab, and then select Add.

Take one of the following actions:. Type the name of either the user or the group whose access you want to audit in the Enter the object name to select box, and then select OK.

  • In the list of names, double-click either the user or the group whose access you want to audit. Select either the Successful or the Failed check box for the actions that you want to audit, and then select OK.
  • Select OK, and then select OK.
  • We've compiled a MASSIVE List of the Best (and Free) Active Directory Tools (Update for 2022) for Windows admins that will help with any of your Auditing, Reporting and Management needs.
  • We've gone through this list and will update it as more tools become available or become obsolete, as not every software manufacturer updates their tools for the latest version of Active Directory (2003, 2012 & 2016).
Coordinator footprint
  • Here is our list of the Top-10 Active Directory Tools:.
  • SolarWinds Permissions Analyzer for Active Directory – FREE TOOL This excellent tool will give you insights into both the user account structure and the device permissions that are currently laid out in your AD implementations.
  • Runs on Windows Server. SolarWinds Admin Bundle – FREE TOOL this free user account management tool lets you upload accounts in bulk into AD and helps you spot inactive users, together with network management tools.

Runs on Windows Server. ManageEngine ADManager Plus – FREE TRIAL A package of AD management tools with functions that can interface with Microsoft 360 as well as your Azure, AWS, and on-premises AD implementations.

Comments are closed.