Hi,
I have two 2008 R2 domain controllers in my domain. I recently changed the Domain Controllers Default Policy in order to troubleshoot a DNS problem. According to http://blogs.technet.com/b/askpfeplat/archive/2013/10/12/who-moved-the-dns-cheese-auditing-for-ad-integrated-dns-zone-and-record-deletions.aspx, I enabled the option "Audit: Force audit policy subcategory settings" and added audit of Directory Service Changes in DS Access under Advanced Audit Policy Configuration. The result was that security auditing stopped altogether; no further entries are logged in the DC's security logs.
I tried to fix that as described in http://social.technet.microsoft.com/Forums/windowsserver/en-US/0486c801-8980-4afa-8fee-8cc1409c3ee2/auditing-policy-on-2008-r2-dcs-not-working?forum=winserverDS, but nothing has changed; I am still not getting any security events. I then restored the DC Default Policy from a backup, but still no success.
What else can I try?
Cheers, Georg.