Many IT folks like the “Do-it-Yourself” approach to solving many tasks. This article written by Chris Colorado provides some very detailed instructions on how to setup Active Directory Auditing of not just one DC, but (in theory) all of them, centrally. The method described utilizes Event Log data. Another method involves Monitoring via PowerShell. But if your auditing of Active Directory requires tracking additional types of changes and more detail, you may need a 3rd party solution to assist. If this well written native method doesn’t work for you, remember you can find both limited capability freeware and full enterprise paid solutions to audit your Active Directory with Netwrix.
More great reading
Sarah Greesonbach March 27, 2019
Michael Fimin May 7, 2020
Mike Tierney April 10, 2020
Russell Smith March 3, 2020