Audting of _MSDCS DNS zone ? RRS feed

  • Question

  • Looking at ways to audit the _MSDCS DNS zone as have occasionally seen rogues entries appear.  Ideally wanted something proactive which would send email when new records appear in this zone so we can review if they are legitimate or not.  What native auditing is available and how configurable is it ?
    Wednesday, March 12, 2014 1:21 PM


All replies

  • Hi,

    Thanks for posting.

    I think if you follow the guide here


    it should give you what you want. You can set a scheduled task to monitor for specific events and generate an email to be sent to an administrator if that eventID occurs. The article is for 2003, but the process for 2008 and 2012 is similar.

    Hope this helps.



    Denis Cooper


    Help keep the forums tidy, if this has helped please mark it as an answer

    Blog: http://www.windows-support.co.uk  Twitter:   LinkedIn:

    • Proposed as answer by bshwjt Wednesday, March 12, 2014 2:50 PM
    • Marked as answer by Amy Wang_ Tuesday, March 18, 2014 3:28 AM
    Wednesday, March 12, 2014 1:32 PM
  • Thanks Denis.  Few questions.  Would the same process be applied for auditing of forest wide DNS zones ?  I see that auditing can be enabled on DNS zones using the DNS console UI so what is difference between using the DNS console and the approach with ADSIEDIT in link ?  Is it possible to audit a DNS child node zone rather than top level ?  in my scenario auditing the whole DNS zone would be too noisy.
    Wednesday, March 12, 2014 4:39 PM
  • If the zone is forest wide then you have to connecto to that naming context another good walk through


    Is the other zone a domain under the parent?



    Follow @mekline

    • Marked as answer by Amy Wang_ Tuesday, March 18, 2014 3:28 AM
    Wednesday, March 12, 2014 9:04 PM
  • Thanks Mike.  Its _msdcs under parent domain yes.
    Wednesday, March 12, 2014 10:31 PM