This policy setting allows you to audit events generated when an Active Directory Domain Services (AD DS) object is accessed. Only AD DS objects with a matching system access control list (SACL) are logged. Events in this subcategory are similar to the Directory Service Access events available in previous versions of Windows. Volume: High on domain controllers. None on client computers. Default on Client editions: No Auditing. Default on Server editions: Success. Fix: (1) GPO: Computer Configuration\Windows Settings\Security Settings\Advanced Audit Policy Configuration\System Audit Policies\DS Access\Audit Directory Service Access (2) REG: INFO NOT AVAILABLE