I think dynamically registered records are tagged with the system; manually modified ones are tagged using the admin's ID. (I am using my rusty memory for this reference, so you will want to test my theory.) Also, you might have to turn up the AD logging to get the info you are looking for. All AD-integrated DNS modifications are stored in the security logs. I think you are going to have to look for 526 or 529 Event IDs, but you will need to search the body of the records to find out which record got modified. I would mention there is a third-party audit tool that can track and report on the configuration and architecture changes in DNS, but the last I checked they weren't able to log record changes (TMI).

 

Todd

 


From: Tommy [mailto:[EMAIL PROTECTED]
Sent: Tuesday, March 01, 2005 12:40 PM
To: [email protected]
Subject: [ActiveDir] Integrated Primary DNS Auditing

 

Trying to audit changes to a DNS zone stored in AD. I have enabled all the native auditing in Group Policy and set SACLs on the Registry and AD objects that are associated with DNS, but the changes are ALL reported by the "System" account. I am looking for a way to audit WHO made changes to DNS.

 

T

 
