
KB-5595: Is there a way to find out who added a user to a Zone in Access Manager?

Authentication Service

29 December,16 at 08:53 PM

Applies to: All versions of Centrify Direct Control

Is there a way to find out who added a user to a Zone in Access Manager?

You can use ADSIedit to set up auditing on Service Connection Points (i.e. zone objects).

Here are the basic steps you can follow to set auditing within Windows.

In ADSI Edit -> search for the zone or container -> right-click the zone or container -> Properties -> Security -> Advanced -> Auditing.

By default, you should see an auditing entry for Everyone. If not, click Add -> Everyone, then in the "Apply onto" drop-down menu select ServiceConnectionPoint.

Set the audited permission to "Write all Properties"; this covers modifications to an existing UNIX profile. To also audit profiles being created or removed, select Create and/or Delete.

Once this is done, any change made in the Centrify DirectControl Console, such as adding a new user to a zone, will show up in the Security event log.

Because this auditing is handled per machine/DC, these steps need to be done on all domain controllers that are used for Centrify, as any DC may handle the request. This information is not replicated to other DCs.

Please note:

This is all part of Active Directory auditing and unrelated to Centrify products. This is a recommendation for tools to use for auditing zone object changes.

Example of events being written to the MS Security log:

Event ID: 4662
Task Category: Directory Service Account

This event contains the name of the account making the addition as well as the User that was added.
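
Because the event is recorded only on the domain controller that handled the change, reviewing it means reading the Security log on every DC. The following PowerShell script is an added example, not part of the original article or any Centrify tooling, that collects event 4662 from each DC and lists the account that made the change next to the object it touched. It assumes the ActiveDirectory module (RSAT) is installed and that the caller can read each DC's Security log; `$Since`, `$ObjectFilter` and `ConvertFrom-Event4662` are names chosen for this example.

```powershell
# Added example, not part of the KB. Needs the ActiveDirectory module (RSAT)
# and rights to read the Security log on each DC.
# $Since and $ObjectFilter are hypothetical parameter names for this example.
param(
    [datetime]$Since = (Get-Date).AddDays(-1),
    [string]$ObjectFilter = '*'   # wildcard matched against the event's ObjectName
)

# Directory access-mask bits for the audit entries the article enables.
$rights = @{ 0x1 = 'Create Child'; 0x2 = 'Delete Child'; 0x20 = 'Write Property' }

function ConvertFrom-Event4662 {
    param([Parameter(Mandatory)]$Record)
    # Flatten <EventData><Data Name="X">value</Data></EventData> into a lookup table.
    $d = @{}
    foreach ($n in ([xml]$Record.ToXml()).Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
    $mask = [int]$d.AccessMask    # logged as a hex string such as 0x20
    [pscustomobject]@{
        Time       = $Record.TimeCreated
        DC         = $Record.MachineName
        ChangedBy  = '{0}\{1}' -f $d.SubjectDomainName, $d.SubjectUserName
        Access     = ($rights.Keys | Sort-Object | Where-Object { $mask -band $_ } |
                        ForEach-Object { $rights[$_] }) -join ', '
        ObjectName = $d.ObjectName   # may be logged as a %{GUID} value
        ObjectType = $d.ObjectType   # may be logged as a %{GUID} value
        Properties = $d.Properties
    }
}

# The event is written only on the DC that handled the change, so query them all.
$query = @{ LogName = 'Security'; Id = 4662; StartTime = $Since }
$results = foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        Get-WinEvent -ComputerName $dc.HostName -FilterHashtable $query -ErrorAction Stop |
            ForEach-Object { ConvertFrom-Event4662 -Record $_ }
    } catch {
        # No matching events, or the DC could not be read: report it and continue.
        Write-Warning ('{0}: {1}' -f $dc.HostName, $_.Exception.Message)
    }
}

$results | Where-Object { $_.ObjectName -like $ObjectFilter } |
    Sort-Object Time | Format-List
```

A warning for a DC means either that it logged no 4662 events in the window or that its log could not be read, so an unreachable DC should be rechecked before concluding that no change was made there.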