Auditing of Configuration Container and Schema

Email It to Me Print this Page
Symptoms The daily summary report shows "Your default configuration and schema container audit settings may prevent the 'Who Changed' field from being reported correctly."
Cause By default, auditing of Configuration and Schema containers is not enabled and changes made to these objects may not be reported correctly by Netwrix Auditor: Active Directory, Group Policy and Exchange Servers.
Resolution Please follow these steps to enable object-level auditing:
  1. Start -> Administrative Tools -> ADSI Edit.
  2. Right-click the root node, select Connect to, and connect to the Configuration naming context of your domain.
  3. Right-click the Configuration node and select Properties -> Security tab.
  4. Click Advanced and select the Auditing tab.
  5. Click Add and type "Everyone" .
  6. Double-click created auditing entry and set Apply onto to "This object and all descendant objects".
  7. Set all items to "Successful" except for the following:
    • Full Control
    • List Contents
    •  Read Permissions
    • Read All Properties.
    Note: Do NOT click the check-box named Apply these auditing to objects and/or containers within this container only.
  8. Click OK.
  9. Repeat all of the steps above for the Schema container.
Was this information helpful?