Lesson 1, Topic 6

Directory Services Logs


The Windows Active Directory Server (ADS) is the centrepiece of every Windows domain. It holds all key information about the domains, sub-domains, servers, users and services in a network.

The logs from this server help identify malicious activity by both general and privileged users, as well as any unusual behaviour by devices in the network.

Windows AD server logs usually provide the following key information elements to assist with analysis:

  • Object modifications
  • Object creation, deletion
  • Group, OU and GPO modifications
  • Domain modifications
  • Information on account performing activities
  • Failed modifications
  • Elevation of privileges
  • Cryptographic failures
  • Certificate failures
  • Replication failures
  • Shutdown / reboot of service
  • User information
  • Terminal information
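As an added example (not part of the lesson material), the following Python maps a handful of constructed Security-log records onto the categories above, keeping failed modifications separate and attributing each action to the account that performed it. The Event ID to category mapping uses standard Windows Security log IDs that the lesson does not list, the record format and the approved-admin allow-list are assumptions constructed for the example.

```python
"""Classify constructed Windows Security audit records into the lesson's
categories and summarise activity per acting account."""
from collections import defaultdict

# Standard Windows Security Event IDs -> lesson category (assumption: these IDs
# are not given on the lesson page; they are the usual account-management IDs).
CATEGORY_BY_EVENT_ID = {
    4720: "object creation",          # user account created
    4726: "object deletion",          # user account deleted
    4738: "object modification",      # user account changed
    4728: "group modification",       # member added to global security group
    4732: "group modification",       # member added to local security group
    4756: "group modification",       # member added to universal security group
    4672: "elevation of privileges",  # special privileges assigned to new logon
}

# Constructed sample export: one record per line, key=value fields split by ';'.
SAMPLE_EVENTS = [
    "EventID=4720;Subject=CORP\\jsmith;Target=CORP\\svc-backup;Keywords=Audit Success",
    "EventID=4728;Subject=CORP\\jsmith;Target=CORP\\Domain Admins;Keywords=Audit Success",
    "EventID=4672;Subject=CORP\\jsmith;Target=-;Keywords=Audit Success",
    "EventID=4738;Subject=CORP\\helpdesk1;Target=CORP\\alice;Keywords=Audit Success",
    "EventID=4726;Subject=CORP\\helpdesk1;Target=CORP\\bob;Keywords=Audit Failure",
    "EventID=4672;Subject=CORP\\adminpete;Target=-;Keywords=Audit Success",
]


def parse_event(line):
    """Turn one 'k=v;k=v' record into a dict with an integer EventID."""
    fields = dict(kv.split("=", 1) for kv in line.strip().split(";"))
    fields["EventID"] = int(fields["EventID"])
    return fields


def summarise(lines):
    """Count events per acting account and lesson category.
    Failed operations get their own 'failed ...' category."""
    per_account = defaultdict(lambda: defaultdict(int))
    for line in lines:
        if not line.strip():
            continue
        ev = parse_event(line)
        category = CATEGORY_BY_EVENT_ID.get(ev["EventID"], "other")
        if ev["Keywords"] == "Audit Failure":
            category = "failed " + category
        per_account[ev["Subject"]][category] += 1
    return {acct: dict(cats) for acct, cats in per_account.items()}


def suspicious_accounts(summary, approved_admins):
    """Accounts that changed group membership or received special privileges
    without being on the (constructed) approved admin allow-list."""
    sensitive = {"group modification", "elevation of privileges"}
    return sorted(acct for acct, cats in summary.items()
                  if acct not in approved_admins and sensitive & set(cats))
```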