Auditing Changes to Active Directory Security groups.

Discussion in 'Active Directory' started by Venkatesh, Aug 26, 2009.

  1. Venkatesh

    Venkatesh Guest

    Hello there,

    We wish to monitor changes to privilege active directory security groups. In
    order to accomplish this, following auditing has been turned on:

    Account Management Events
    Audit directory service access

    We now receive alerts for every security group that is modified. In reality,
    we have like 50 security groups we consider as “privilege†(they are applied
    on to critical resources). We wish to receive alerts in Event viewer for
    these select 50 security groups and monitor their changes. Please let us know
    how to accomplish this. Thank you in advance for your support.

    Venkatesh, Aug 26, 2009
    1. Advertisements

  2. Venkatesh

    Marcin Guest

    Marcin, Aug 26, 2009
    1. Advertisements

  3. Hi Venkatesh

    MS Operation Manager will, if you that worried - try adding the highly
    sensitive groups "restrived Groups" under the Computer\Windows\Security
    portion of a new GPO you can create. add the groups from AD, add the current
    memembers of each of these groups - then link/enforce the policy. If you need
    to add a new admin to "domain admins" group, you will need to edit the GPO
    and add the member in the policy, then AD will automatically add the member.
    If someone does a friendship duty and adds some one to a restricted goup,
    they will be removed witin 5 minutes, unless it's added via the GPO

    Garry Starck-MCITP Enterprise Admin, Aug 26, 2009
  4. Venkatesh


    Dec 13, 2011
    Likes Received:
    Have you ever looked at a tool like NetWrix Active Directory Change Reporter or Quest ChangeAuditor for AD? If you’re looking for a way to automate change alerts to privileged groups, you should evaluate a few options. The netwrix tool also comes in a freeware version, but doesn’t include maximum functionality.
    Jesse1113, Apr 25, 2012
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.