Active Directory: Manual Configuration
To configure your domain for monitoring manually, you will need:
- Group Policy Management Console — if you plan to perform configuration steps from a Domain Controller
- ADSE Edit - if you plan to perform configuration steps from a server other than Domain Controller.
NOTE: If these tools are not installed, refer to related sections:
Take the following configuration steps:
- Configure effective domain controllers policy (by default, Default Domain Controllers Policy). See Configure Basic Domain Audit Policies or Configure Advanced Audit Policies for details.
- Configure Object-Level Auditing
- Adjusting Security Event Log Size and Retention Settings
- Enable Secondary Logon Service
If you have an on-premises Exchange server in your Active Directory domain, consider that some changes to AD can be made via that Exchange server. To be able to audit and report who made those changes, you should Configure Exchange Administrator Audit Logging Settings
Optionally, you can Adjust Active Directory Tombstone Lifetime.
Also, remember to do the following for AD auditing:
- Configure Data Collecting Account, as described in Configure Data Collecting Account
- Configure required protocols and ports, as described in Protocols and Ports Required for Monitoring Active Directory, Exchange, and Group Policy section.