Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-2213: Auditing Roles assignment changes

Authentication Service ,  

12 April,16 at 11:11 AM

Applies to: All version of Centrify DirectManage on All Platforms.



Can DirectManage generate an event in Event Viewer when an AD user with certain rights does role assignments, granting of privileges, etc. when using the Centrify Admin Console?



You can manually create AD auditing rules in ADSIEdit.


To audit any role assignment changes (creation, deletion, modification) made by Domain Users, define the audit rules below:










·         To apply to the entire domain, define the rule at the domain root entry (e.g. DC=centrify,DC=local)

·         To apply to a single zone, define the rule on the zone object.

·         The generated audit events should use IDs 4662, 5136, 5137

·         To enable AD Directory Service Auditing: