We have been working on switching over to a user account that does not have Domain Administrator permissions on the domain to be able to audit both Active Directory and Group Policy. We have added this user account under the group policy for "Manage auditing and security log Properties". Unfortunately, for each of the domain controllers, we get the following error message:
Managed Object: DOMAINNAME
The following error has occurred while processing 'DOMAINCONTROLLER.DOMAINNAME.com':
Failed to obtain system audit status. Error: Access is denied (Code:5). Error details: Overlapped I/O operation is in progress. This warning can be ignored and/or turned off (using IgnoreAuditStatusCheckError registry setting) if you are sure that auditing is setup correctly.
I do believe we are receiving proper auditing, however I am not sure if we are missing anything due to this error message. These errors occur for all 10 of the domain controllers. I've also verified that:
1) The group policy where Manage Auditing and security log Properties is set is in fact applied to the OU where the domain controllers are.
2) The group policy is in fact applied to all of the domain controllers, and the user account in question is definitely listed as having this access.