How to Audit the 5 Most Important Active Directory Changes
Today, Active Directory is the central identity store and authentication provider for most networks, so keeping it secure is critical. In this white paper, Randy Franklin Smith discusses the 5 most important changes that affect the security of Active Directory, shows you how to audit these events using native auditing, and points out the limitations and gaps you should be aware of.
Note that the events described in this white paper are generated by domain controllers. To log them, you need to enable audit policies in the Default Domain Controller Security Policy GPO.