The world's most trusted forum on Active Directory Security
I have another question I was hoping to get some help with. We have been tasked with documenting all our Active Directory audit settings i.e. what is being audited in our AD.
We need to be able to get this information easily and document it in the form of a txt/csv file, so we can review and analyze it, and compare it with our audit policy settings to ensure that we are in fact auditing everything we need to from a policy perspective.
Does anyone know of an easy way to audit and export the audit settings itself?
Thank you for your help.
My little dot on the web - Auditing Security in the Active Directory
That's a very good and logical question, although I have to admit, it is one I have never asked myself, but I suppose should. The need to know what is being audited sounds quite important.
I suppose in order to figure this out one would need to dump all the audit settings from all the objects in the Active Directory. Its sort of like dumping permissions, wth the difference being that one needs to dump the audit settings instead of the permissions though.
I would suggest trying scripting.