Directory Update, Directory Manager, and Directory Password provide some limited logging and auditing capabilities. This auditing or logging capability is one of two functions: Writing changes to a text file and/or writing the last date/time of the last change to an attribute in Active Directory. These functions are controlled via the auditing section of the AppSettings.XML file. This section of this file is shown below.
<!-- Ensure that the "Application Pool" account (usually NETWORK SERVICE) has "Modify" permissions to the Logs folder. --> <auditing> <auditingAttribute enabled="no" attribute="extensionAttribute11" showUserLastUpdate="yes" text="Your last update was" /> <auditingLogFile enabled="no" logFileFolder="c:\inetpub\wwwroot\directoryupdate\logs"> <headers> <dateTime text="Date/Time" /> <userName text="User Name" /> <sourceIp text="Source IP" /> <fieldName text="Field Name" /> <oldValue text="Old Value" /> <newValue text="New Value" /> </headers> </auditingLogFile> </auditing>
By default, if you enable the auditingAttribute option, we will log the last date and time of the last last change to the attribute specified (extensionAttribute11 by default). To use one of the extenstionAttributes, your Active Directory forest must have been prepped for some versoinThe Directory Update AppSettings.XML file includes an option called showUserLastUpdate that will show the user the last date/time that they used Directory Update.
The auditingAttribute feature can also be used to check from a script to see how recently someone has used Directory Update and remind them to check their information. We have an unsupported scripted we call the Auto-Launch script that can be used for this purpose.
You can Directory Update, Directory Manager, and Directory Password to write changes to a log file via the auditingLogFile option. This will write information such as the user who made the change, the IP address from which the change was made, the value changed, the old value and the new value.
There are a few things that you should be aware of when using the auditingLogFile feature: