How to set up auditing for changes to the Unix attributes?
You need to audit changes made to the Unix attributes of Unix-enabled users in Active Directory.
1 - Open the ADUC (Active Directory Users and Computers) MMC snap-in.
2 - Enable the 'Advanced Features' option from the View menu.
3 - Right-click the OU/container that holds your Unix-enabled users.
4 - Select "Properties", then the "Security" tab, and click "Advanced".
5 - Select the "Auditing" tab and add an auditing entry for "Everyone". On the "Properties" tab, set "Apply onto" to "User objects".
6 - Check the "Successful" and "Failed" boxes for Write access on each Unix attribute (UID Number, GID Number, gecos, loginShell, unixHomeDirectory).
You can apply these auditing entries only to objects and/or containers within this container, or to the whole domain.
Once auditing is set up, the corresponding log entries can be accessed from your Event Viewer (Security) for "Directory Service Access".
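The audit entries from steps 3 to 6 can also be scripted, which makes the configuration repeatable and reviewable. The following is an added example, not part of the original article: the OU distinguished name is a placeholder, and it assumes the ActiveDirectory PowerShell module and that the attributes listed in step 6 correspond to the LDAP names uidNumber, gidNumber, gecos, loginShell and unixHomeDirectory.

```powershell
# Added example: scripts the audit entries described in steps 3-6.
# ASSUMPTION: $ouDn is a placeholder; replace it with your OU/container DN.
Import-Module ActiveDirectory

$ouDn      = 'OU=UnixUsers,DC=example,DC=com'
$unixAttrs = 'uidNumber', 'gidNumber', 'gecos', 'loginShell', 'unixHomeDirectory'

# Look up schemaIDGUIDs at run time instead of hard-coding them.
$schemaNc = (Get-ADRootDSE).schemaNamingContext
function Get-SchemaGuid([string]$LdapName) {
    $obj = Get-ADObject -SearchBase $schemaNc `
        -LDAPFilter "(lDAPDisplayName=$LdapName)" -Properties schemaIDGUID
    if (-not $obj) { throw "Schema object '$LdapName' not found." }
    [guid]$obj.schemaIDGUID
}

$userClass = Get-SchemaGuid 'user'                       # "Apply onto: User objects"
$everyone  = New-Object System.Security.Principal.SecurityIdentifier 'S-1-1-0'
$flags     = [System.Security.AccessControl.AuditFlags]'Success, Failure'
$path      = "AD:\$ouDn"

# -Audit is required, otherwise the SACL is not returned.
$acl = Get-Acl -Path $path -Audit

foreach ($attr in $unixAttrs) {
    # One entry per attribute: audit successful and failed writes by Everyone,
    # inherited by descendant user objects only.
    $rule = New-Object System.DirectoryServices.ActiveDirectoryAuditRule(
        $everyone,
        [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty,
        $flags,
        (Get-SchemaGuid $attr),
        [System.DirectoryServices.ActiveDirectorySecurityInheritance]::Descendents,
        $userClass)
    $acl.AddAuditRule($rule)
}

Set-Acl -Path $path -AclObject $acl

# Read the SACL back to confirm the five entries are present.
(Get-Acl -Path $path -Audit).Audit |
    Where-Object { $_.InheritedObjectType -eq $userClass } |
    Select-Object IdentityReference, ActiveDirectoryRights, AuditFlags, ObjectType
```

Run it with an account that is allowed to modify the auditing entries on the OU. The entries only produce events if the audit policy on the domain controllers enables Directory Service Access auditing.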