Adding more audit stores to an installation

The audit store typically maps one-to-one with an Active Directory site. However, in some situations it is desirable to define the scope of an audit store differently:

  • A subnet that Active Directory considers part of a site may be connected over a slow link. In this situation, you probably want to configure another audit store and collectors that service audited computers in the remote subnet.
  • A very large site may require multiple audit stores for load distribution. You can accomplish this by partitioning an Active Directory site into multiple audit stores based on subnets. Each subnet has its own audit store and set of collectors and audited computers.

Two common audit store actions are:

  • Adding a new audit store in a new site, and using the Select Scope page in the Add Audit Store Wizard to configure the site settings.
  • Splitting an audit store in two, using the audit store’s Property page to adjust the scope of the existing audit store, and then adding a new audit store.

To configure the audit store to support a particular subnet, click the Subnet radio button, and fill in the subnet IP address and mask.