Hello to all, I need to audit DNS changes (creation, edition and deletion of zones and records) in a DNS environment that is integrated with AD. DC versions: Win2003, 2008, 2008 R2, 2012, 2012R2 and 2016.
I know that there are specific configurations to generate DNS events and that they depend on the DC version. Until Win2012 (included) one should use GPO + ADSIEdit, and with Windows 2012R2 and later an enhanced method appeared named "DNS Logging and Diagnostics" (https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn800669(v=ws.11)). I didn't see any reference to ADSIEdit in the "DNS Logging and Diagnostics" article or in others.
Questions:
1- How to configure DNS audit events (zone and record - deletion, creation and edition) on a single domain that has DCs in versions like 2008, 2012 and 2016? Will one kind ("legacy" x "Logging and Diagnostics") of configuration impact the other one? How to enable DNS audit to get DNS events on several types of DCs - like the ones written here?
2- Is there a GPO to configure "Logging and Diagnostics"?
Thanks in advance.
Regards, EEOC.