Applies to: All version of Centrify DirectManage on All Platforms.
Can DirectManage generate an event in Event Viewer when an AD user with certain rights does role assignments, granting of privileges, etc. when using the Centrify Admin Console?
You can manually create AD auditing rules in ADSIEdit.
To audit any role assignment changes (creation, deletion, modification) made by Domain Users, define the audit rules below:
· To apply to the entire domain, define the rule at the domain root entry (e.g. DC=centrify,DC=local)
· To apply to a single zone, define the rule on the zone object.
· The generated audit events should use IDs 4662, 5136, 5137
· To enable AD Directory Service Auditing: http://support.microsoft.com/kb/814595