Updating ACL Settings

To enable logging of actions performed in your domain, you need to update ACL auditing settings applied to the following naming contexts: Default naming context and Configuration.

  1. Start ADSI Edit tool.
  2. In ADSI Edit window, right-click the root node and select Connect to.

  3. In the Connection Settings dialog, expand the drop-down list under Select a well known Naming Context and specify Default naming context.

  4. Expand the context node, right-click your domain node, and then click Properties.
  5. In the dialog that opens, select the Security tab and click Advanced.
  6. In the Advanced Security Settings dialog, select the Auditing tab and click Add.

  7. In the Auditing Entry dialog, complete the following fields:

    OPTION

    SET TO

    Select a principal

    Everyone

    Type

    Success

    Applies to

    This object and all descendant objects

    Permissions

    All checkboxes except Full control, List contents, Read permissions, and Read all properties.

  8. Close the dialogs.
  9. In the ADSI Edit window, right-click the root node and connect to the Configuration naming context. Create the same auditing entry for the Configuration partition. Go back to step 4.