Error: "Auditing of Directory Service Access and successful Account Management events is not enabled for this DC. Please adjust audit policy settings"

Active Directory error report event Who Changed
Email It to Me Print this Page
Symptoms
  • The Change Summary and the Netwrix Auditor System Health log (Netwrix Auditor log in 6.5 or warning.txt file in 5.0) contain the following warning message: "Auditing of Directory Service Access and successful Account  Management events is not enabled for this DC. Please adjust audit  policy settings".  
  • "Who Changed" field contains the "System" value.
Cause The Local Security Policy snap-in on the domain controller indicates that the Audit directory service access and/or the Audit account management options are not set to "Success".
 If these settings are set to "Success" in the applied effective policy, but you keep receiving this error, this may be due to one of the following reasons: 
  • The effective policy applied to domain controllers is not configured properly. 
  • For some reason, the effective policy is not applied to the domain controller. 
  • The audit settings are configured using the Advanced Audit Policies. 
Resolution
  • Set the Audit directory service access and Audit account management options to "Success". To do this, perform the following steps:
  1. Open the Group Policy Management console on any domain controller in the target domain: navigate to Start --> Administrative Tools --> Group Policy Management.
  2. In the left pane, navigate to Forest: <domain_name> --> Domains --> <domain_name> --> Domain Controllers. Right-click the effective domain controllers policy (by default, it is the Default Domain Controllers Policy), and select Edit from the pop-up menu.
  3. Navigate to Computer Configuration --> Policies --> Windows Settings --> Security Settings --> Local Policies --> Audit Policy.
  4. Make sure that the  Audit directory service access and Audit account management  are set to "Success" (or "Success" and "Failure").
  5. Navigate to Start --> Run and type '"cmd". Input the "gpupdate /force" command and press Enter. The group policy will be updated. 
 
  • If the effective policy is applied to the domain controller, but you keep receiving this error, contact your Administrator. 
  • If you sure that you have the Advanced Audit Policies applied correctly, but keep receiving this error, you can omit it. Perform the following steps to omit the error:
  1. On the computer where Netwrix Auditor is installed, navigate to Start --> Run and type "regedit".
  2. Navigate to the following node: Versions 6.5 and Below - HKEY_LOCAL_MACHINE\SOFTWARE\(Wow6432Node)\Netwrix\AD Change Reporter  and set the IgnoreAuditCheckResultError registry key to "1".  If this key does not exist please create it.
 
Note: In Netwrix Auditor 7.0 the registry location is  HKEY_LOCAL_MACHINE\SOFTWARE\(Wow6432Node)\Netwrix Auditor\AD Change Reporter
Was this information helpful?