Active Directory Audit logs

[Guest]

My domain is managed by higher level authority. I have OU administration. I
need to request that event data related to my OU be segregated from the rest
of the domain audit data for me to capture with my SIM product. I do not see
how that is possible without complex scripting against the event log data.
Am I missing something?

 

[Simon Geary]

What events are you wanting to monitor? Most logging of account related
events (logon, logoff etc) is done on the default domain controllers OU so
it wouldn't be a simple task to pluck your users data out of this.

 

[Guest]

Accout logon events, account management, directory service access (for SACL
protected objects), Logon events, policy change, system events (to capture
audit log cleared at DC)- All for events related to my OU only. That is the
dilema. I cannot ask for event logs of the entire domain because of data
ownership issues (other OUs). So...Knee pads and a solution to recommend
globally is what I need.

 

[Ryan Hanisco]

Yeah.. you're stuck on this one without complicated scripting.

The higher level admin might be able to hand you filtered event logs but
there is nothing automated.