Configuring object-level auditing

Object-level auditing should be configured for accessing Mailbox Properties Changes and Mailbox Permission Changes reports. It must be done in two levels:

• Configuring object-level auditing in domain partition
• Configuring object-level auditing in configuration partition

Note: The below mentioned steps are applicable to all the Windows Servers irrespective of the version you use.

Configuring object-level auditing in domain partition

1. Go to Start → Administrative Tools → Active Directory Users and Computers.
2. Select Advanced Features from the View menu.

   

3. In the left pane, right-click on Domain and select Properties.
4. Under the Security tab, click on Advanced to open the Advanced Security Settings for Domain window.

   

5. Under the Auditing tab, click on Add to add the security principal object to which the policy will be applied.
6. Enter the object name as Everyone and click on OK. This opens the Auditing Entry for Configuration window.

   

7. From the Apply to/Apply onto field.
• Select Descendant User Objects, if using Windows Server 2012 or above.
• Select Descendant Users Objects, if using Windows Server 2008.
• Select User Objects, if using Windows Server 2003.
8. Select Successful for the following permissions (for Windows Server 2008 and below):
• Write All Properties
• Delete
• Modify Permissions
• All Extended Rights

Note: Select the permissions given in the image (for Windows Sever 2012 and above).



9. Click on OK.

Note: On configuring the domain partition, all the available data in the event logs will be fetched. If there is no data in the event logs, please wait for the desired event to occur and event collection to happen.

Configuring object-level auditing in configuration partitions

Object-level auditing in configuration partitions should be configured for accessing organization change-related reports. Upon configuration, events related to organization changes will be recorded in the Security Log of Event Viewer. Based on these event details, the organization change reports are generated.

1. Go to Start → Administrative Tools → ADSI Edit.
2. Select Configuration Partition.
3. In the left pane, right-click on the CN=Configuration and select Properties.

   

4. Under the Security tab, click on Advanced to open the Advanced Security Settings for Configuration window.

   

5. Under the Auditing tab, click on Add to add the security principal object to which the policy should be applied.
6. Enter the object name as Everyone and click on OK. This opens the Auditing Entry for Configuration window.

   

7. Select the following Access/Permissions
   • Write All Properties
   • Delete
   • Modify Permissions
   • All Extended Rights
   • Create all child objects

   

8. Specify the Apply onto/Apply to field as shown below
• If Windows Server 2003, select This object and all child objects.
• If Windows Server 2008, select This object and all descendant objects.
• If Windows Server 2012 or above, select, This object and all the descendant objects.
9. Select the Type as Successful.

   

10. Click OK.