Audit Directory Service access
Windows 10
To access, do the following
-
Expand Local Policies
-
Expand Audit Policy
-
Double-click Audit directory service access
Audit directory service access
This security setting determines whether the OS audits user attempts to access Active Directory objects. Audit is only generated for objects that have system access control lists (SACL) specified, and only if the type of access requested (such as Write, Read, or Modify) and the account making the request match the settings in the SACL.
The administrator can specify whether to audit only successes, only failures, both successes and failures, or to not audit these events at all (i.e. neither successes nor failures).
Audit directory service access
This security setting determines whether the OS audits user attempts to access Active Directory objects. Audit is only generated for objects that have system access control lists (SACL) specified, and only if the type of access requested (such as Write, Read, or Modify) and the account making the request match the settings in the SACL.
The administrator can specify whether to audit only successes, only failures, both successes and failures, or to not audit these events at all (i.e. neither successes nor failures).
If Success auditing is enabled, an audit entry is generated each time any account successfully accesses a Directory object that has a matching SACL specified.
If Failure auditing is enabled, an audit entry is generated each time any user unsuccessfully attempts to access a Directory object that has a matching SACL specified.
Default values on Client editions:
Directory Service Access: No Auditing
Directory Service Changes: No Auditing
Directory Service Replication: No Auditing
Detailed Directory Service Replication: No Auditing
Default values on Server editions:
Directory Service Access: Success
Directory Service Changes: No Auditing Directory
Service Replication: No Auditing
Detailed Directory Service Replication: No Auditing
Important: For more control over auditing policies, use the settings in the Advanced Audit Policy Configuration node. For more information about Advanced Audit Policy Configuration, see https://go.microsoft.com/fwlink/?LinkId=140969.