To view Active Directory event logs and track changes, you can follow these steps:
- Open Event Viewer:
- Click on the “Start” button and type “event viewer” in the search box.
- Click on “Event Viewer” from the search results.
- Navigate to the Active Directory event logs:
- In the left pane of Event Viewer, expand “Windows Logs” and select “Security”.
- In the right pane, click on the “Filter Current Log” option.
- In the “Event sources” dropdown, select “Microsoft-Windows-Security-Auditing”.
- In the “Event ID” field, type “5136” and click “OK”. This will filter the log to show only events related to Active Directory changes.
- Interpret the events:
- Each event in the log will provide information about an Active Directory change, including the user who made the change, the object that was changed, and the type of change.
- The event description will contain details about the specific attribute or property that was changed, as well as the previous and new values.
- You can use this information to track changes made to Active Directory objects and identify potential security issues.
Note: In order to view Active Directory event logs, you must have administrative access to the domain controller or be a member of a group that has been granted access to view security event logs.