DNS Auditing
We're trying to track deletions from our DNS. I've followed this article (http://blogs.technet.com/b/yuridiogenes/archive/2008/03/06/auditing-a-dns-zone.aspx) but DNS events are still not being logged. We are currently in a Windows Server 2003 domain, but have a 2008 DC.
January 19th, 2011 6:50pm

Please make sure that the group policy is linked to the correct OU and check if there are AD replication problems. Also, execute the gpupdate /force command and check if all is okay (delete a DNS record and check if the event ID 566 has been logged).

This posting is provided "AS IS" with no warranties or guarantees, and confers no rights. Microsoft Student Partner; Microsoft Certified Professional; Microsoft Certified Systems Administrator: Security; Microsoft Certified Systems Engineer: Security; Microsoft Certified Technology Specialist: Windows Server 2008 Active Directory, Configuration; Microsoft Certified Technology Specialist: Windows Server 2008 Network Infrastructure, Configuration
January 19th, 2011 11:14pm

Hi hmaa, Thanks for posting here. I think the method discussed in the blog post you provided also applies to Windows Server 2008. Please make sure that the audit policy has been applied to your computers, as Mr X replied first. Meanwhile, please also make sure you have properly set all settings, like the naming context. Thanks.

Tiger Li, TechNet Subscriber Support in forum. If you have any feedback on our support, please contact tngfb@microsoft.com. Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
January 20th, 2011 1:13am

The policy is linked to the correct OU and both DCs are in that OU. I went back through the steps again and noticed that for Step 5, under CN=MicrosoftDNS where DC=contoso.msft, my domain is missing. I'm thinking that's the problem. Why is it missing?
January 20th, 2011 4:15pm

You have to provide the connection string of the domain which you want to audit. Add in your DC="domain name"; upon OK, you will need to navigate to the domain and add the required permissions.
January 20th, 2011 10:17pm

The string I've put in is dc=domaindnszones,dc=[domain name],dc=com. That connects to my DC fine, but my domain is missing under CN=MicrosoftDNS where DC=contoso.msft is.
January 21st, 2011 3:21pm

Hi hmaa, Thanks for the update. Could you capture a screenshot like the one Figure 3 shows and upload it to the link below for further investigation, or to SkyDrive, so that other people who read the public post regularly can share their knowledge? https://sftus.one.microsoft.com/choosetransfer.aspx?key=cb255bd2-3671-4478-953c-404d89d59c29 Password: lH]]Y[Hpht Thanks.

Tiger Li, TechNet Subscriber Support in forum
January 23rd, 2011 11:52pm

Hi hmaa, If there is any update on this issue, please feel free to let us know. We are looking forward to your reply.

Tiger Li, TechNet Subscriber Support in forum
January 25th, 2011 4:52am

Here is an image. Under CN=MicrosoftDNS we have a reverse lookup zone and DC=RootDNSServers, but not our forward lookup zone. The reverse lookup zone is being audited correctly.
January 31st, 2011 6:12pm

Any ideas?
February 10th, 2011 2:01pm

Sorry to threadjack, but we are having the exact same issue (the forward lookup zone for our domain is missing under the MicrosoftDNS container object). Was there ever any resolution here?
June 21st, 2011 12:41pm

Hi Everyone, I did some more digging, and I think I fixed my own problem: if Active Directory zone replication isn't set to Forest or Domain level, and is instead set to Domain Controller level (Windows 2000 compatible), the zone doesn't show up in the MicrosoftDNS container under DomainDNSZones. We changed our zone to replicate to "All DNS servers in the domain" (the default setting for a Windows Server 2003 AD-integrated zone), and the partition appeared and I could enable auditing. Hopefully this helps someone else!
June 21st, 2011 2:40pm
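
The cause identified in the last reply can be checked directly: an AD-integrated zone is stored in a different container depending on its replication scope, and the audit entry has to be set where the zone object actually lives. The script below is an added example, not part of the original thread; it probes the three built-in locations for a zone object. The zone name `example.com` is a placeholder, and the script assumes it runs on a domain-joined machine with read access to the directory.

```powershell
# Added example (not from the thread): locate an AD-integrated DNS zone object.
# 'example.com' is a placeholder zone name; run from a domain-joined machine.
param([string]$ZoneName = 'example.com')

$rootDse  = [ADSI]'LDAP://RootDSE'
$domainDn = [string]$rootDse.defaultNamingContext
$forestDn = [string]$rootDse.rootDomainNamingContext

# One candidate container per built-in replication scope.
$candidates = @(
    @{ Scope = 'All DNS servers in the domain';
       Container = "CN=MicrosoftDNS,DC=DomainDnsZones,$domainDn" },
    @{ Scope = 'All DNS servers in the forest';
       Container = "CN=MicrosoftDNS,DC=ForestDnsZones,$forestDn" },
    @{ Scope = 'All domain controllers (Windows 2000 compatible)';
       Container = "CN=MicrosoftDNS,CN=System,$domainDn" }
)

$results = foreach ($c in $candidates) {
    $zoneDn = "DC=$ZoneName,$($c.Container)"
    try {
        # Exists() binds to the object and returns $false when it is absent.
        $present = [System.DirectoryServices.DirectoryEntry]::Exists("LDAP://$zoneDn")
    } catch {
        # Partition missing or unreachable: treat as "zone not stored here".
        $present = $false
    }
    New-Object PSObject -Property @{
        Scope = $c.Scope; ZoneDn = $zoneDn; Present = $present
    }
}

$results | Select-Object Scope, Present, ZoneDn | Format-List

if (-not ($results | Where-Object { $_.Present })) {
    Write-Warning ("Zone '$ZoneName' was not found in the built-in locations; " +
        "it may be file-backed or stored in a custom application partition.")
}
```

A zone reported under `CN=System` is reached in ADSI Edit by connecting to the domain naming context rather than to `DC=DomainDnsZones`.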

This topic is archived. No further replies will be accepted.
