KB-1226: How to audit changes to zone objects (ServiceConnectionPoint)

Centrify DirectAudit, Centrify DirectControl, Centrify Identity Service, Mac Edition

12 April,16 at 11:02 AM

Question:
What level of auditing is available to track or monitor changes made to user and group objects in a zone? Does the Centrify DirectControl Console generate logging events when such changes are made?

Answer:
You can use ADSIedit to set up auditing on Service Connection Points (i.e. zone objects).

Here are the basic steps you can follow to set auditing within Windows:

In ADSI Edit, search for the zone or container, then right-click it -> Properties -> Security -> Advanced -> Auditing.

By default, you should see that Everyone is being audited. If not, click Add -> Everyone, then open the "Apply onto" drop-down menu and select ServiceConnectionPoint.

Set the audited permission to "Write all Properties". This captures modifications to an existing UNIX profile. To also audit profiles being created or removed, select Create and/or Delete.

Once this is done, any changes made in the Centrify DirectControl Console, such as adding a new user to a zone, will show up in the security event log.

Note:
This is all part of Active Directory auditing and unrelated to Centrify products. This is a recommendation for tools to use for auditing zone object changes.
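
A scripted equivalent of the ADSI Edit steps above, as an added example that is not part of the original article or of any Centrify tooling: it adds "Everyone" audit entries for serviceConnectionPoint objects under a zone container and then lists the resulting events. The zone DN is a constructed placeholder, and the event query assumes the "Audit Directory Service Changes" policy is enabled on the domain controller where it is run.

```powershell
# Added example. Requires the ActiveDirectory module and the right to
# manage auditing (edit the SACL) on the target container.
Import-Module ActiveDirectory
Add-Type -AssemblyName System.DirectoryServices

# Constructed placeholder DN; replace with your zone or container.
$zoneDn = 'CN=ExampleZone,OU=Zones,DC=example,DC=com'
$path   = "AD:\$zoneDn"

# Schema GUID of the serviceConnectionPoint class (the "Apply onto" choice).
$schemaNc = (Get-ADRootDSE).schemaNamingContext
$scpClass = Get-ADObject -SearchBase $schemaNc `
    -LDAPFilter '(lDAPDisplayName=serviceConnectionPoint)' -Properties schemaIDGUID
$scpGuid  = [Guid]$scpClass.schemaIDGUID

# "Everyone" by well-known SID, so the rule does not depend on the OS language.
$everyone = [System.Security.Principal.SecurityIdentifier]::new(
    [System.Security.Principal.WellKnownSidType]::WorldSid, $null)

$success = [System.Security.AccessControl.AuditFlags]::Success
$inherit = [System.DirectoryServices.ActiveDirectorySecurityInheritance]

# Rule 1: successful property writes on descendant SCP objects
# (changes to existing UNIX profiles).
$writeRule = [System.DirectoryServices.ActiveDirectoryAuditRule]::new(
    $everyone,
    [System.DirectoryServices.ActiveDirectoryRights]'WriteProperty',
    $success, $inherit::Descendents, $scpGuid)

# Rule 2: creation and deletion of SCP child objects anywhere below the zone.
$childRule = [System.DirectoryServices.ActiveDirectoryAuditRule]::new(
    $everyone,
    [System.DirectoryServices.ActiveDirectoryRights]'CreateChild, DeleteChild',
    $success, $scpGuid, $inherit::All)

# Read the SACL, append both rules, write it back.
$acl = Get-Acl -Path $path -Audit
$acl.AddAuditRule($writeRule)
$acl.AddAuditRule($childRule)
Set-Acl -Path $path -AclObject $acl

# Check 1: confirm the audit entries are present on the container.
(Get-Acl -Path $path -Audit).Audit |
    Format-Table IdentityReference, ActiveDirectoryRights, InheritanceType, AuditFlags

# Check 2: after a test change in the console, look for directory change events
# (5136 = modified, 5137 = created, 5141 = deleted) that mention the zone DN.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5136, 5137, 5141 } -MaxEvents 200 |
    Where-Object { $_.Message -like "*$zoneDn*" } |
    Select-Object TimeCreated, Id, @{ n = 'Summary'; e = { ($_.Message -split "`n")[0] } }
```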
