Hi All,
I have become the Domain Admins for our environment. What I would like to do is create an Audit via GPO in order to oversee who has amended, deleted, or created an object within our domain.
I believe the way to achieve this would be through Computer Configuration > Policies > Windows Settings > Security Settings > Advanced Audit Policy Configuration > Audit Policies > DS Access and then Audit Directory service changes. Does anyone know if this is the right policy for Auditing changes within AD objects. Any information would be greatly appreciated.