Your network consists of a single Active Directory domain.All domain controllers run Windows Server 2008 R2.The Audit account management policy settiing and Audit directory services access setting are enabled for the entire domain.You need to ensure that changes made to Active Directory objects can be logged.The logged changed must include the old and new values of any attributes .what should you do ?
A.Run auditpol.exe and then configure the Security settings of the Domain Controllers OU.
B.From the Default Domain Controllers policy, enable the Audit directory service access setting and enable directory service changes.
C.Enable the Audit account management policy in the Default Domain Controller Policy.
D.Run auditpol.exe and then enable the Audit directory service access setting in the Default Domain policy.
Answer:A
PS:当账户审核策略和审核目录服务已经被启用,我们要记录账户属性新老值变化,应该做什么?
运行auditpol.exe,配置域控制器上OU的安全设置。
