Chatee ahora con Soporte
Chat con el soporte

Change Auditor for Active Directory 7.1.1 - Event Reference Guide

Replication Transport

Bridge All Site Links Option Changed

Created when the Bridge all site links check box on the replication transport property page is changed.

Medium

Ignore Link Schedules Option Changed

Created when the Ignore schedules check box on the replication transport property page is changed.

Medium

Irregular domain replication activity detected

This event identifies replication behavior that may indicate that DCSync is being used to retrieve password data through domain replication.

Irregular requests can include:

As an example, DCSync is a command within Mimikatz that can simulate the behaviour of a Domain Controller and make replication requests. This activity can result in someone gaining unauthorized access to user credentials. The stolen credentials can then be used to create a golden ticket or silver ticket and can be used for pass-the-hash and overpass-the-hash scenarios.

This event identifies replication behavior that may indicate that DCSync is being used to compromise the security of your network.

High

Schema Configuration

Attribute Added to Optional Attributes

Created when a new attribute is added to the optional attributes for a class object in the schema.

High

Attribute Removed from Optional Attributes

Created when an attribute is removed from the Optional Attributes for a class object in the schema.

High

Class Removed from Auxiliary Classes in Schema

Created when a class is removed from auxiliaryClass.

High

Class Removed from Possible Superiors in Schema

Created when a class is removed from possSuperiors.

High

New Class Added to Auxiliary Classes in Schema

Created when a new class is added to auxiliaryClass.

High

New Class Added to Possible Superiors in Schema

Created when a new class is added to possSuperiors.

High

Schema Attribute Added

Created when a new attribute is added to the schema.

High

Schema Attribute Confidential flag changed

Created when an Attribute Confidential flag is changed.

High

Schema Attribute defaultHidingValue Changed

Created when the defaultHidingValue is changed.

High

Schema Attribute GC Flag Changed

Created when the GC flag for an attribute is changed.

High

Schema Attribute Indexing Flag Changed

Created when the indexing flag for an attribute is changed.

High

Schema Attribute RODC Filtered flag changed

Created when an Attribute RODC Replication flag is changed.

High

Schema Class Added

Created when a new class is added to the schema.

High

Schema Class Default Security Descriptor Changed

Created when the default security descriptor for a class is changed.

High

Schema Object Disabled

Created when a schema object is marked disabled.

High

Schema Object Enabled

Created when a schema object is marked enabled.

High

Schema Version Changed

Created when the schema version number changes.

High

Site Configuration

Automatic Intersite Topology Generation Role Changed

Created when the intersite topology generation role is assigned to another DC.

Medium

Automatic Intersite Topology Generator for the Site has been Disabled

Created when intersite topology generation is disabled for a site.

High

Automatic Intersite Topology Generator for the Site has been Enabled

Created when intersite topology generation is enabled for a site.

Medium

Automatic Intrasite Topology Generation for the Site has been Enabled

Created when intrasite topology generation is enabled for a site.

Medium

Automatic Intrasite Topology Generator for the Site has been Disabled

Created when intrasite topology generation is disabled for a site.

High

Default Site Query Policy Object Changed

Created when the default query policy object reference for a site is changed.

Medium

Domain Controller Moved to Site

Created when a Domain controller is moved to a site.

Medium

Linked Query Policy Object for Site Changed

Created when the query policy object referred to by a site is changed.

Medium

Site Group Policy Order Changed

Created when the list of group policies linked to a site is re-ordered.

Medium

Site License Server Changed

Created when the licensing server for the site is changed.

Medium

Site Link Bridge Configuration

Site Link Added to Site Link Bridge

Created when a site link has been added to a site link bridge.

Medium

Site Link Removed from Site Link Bridge

Created when a site link has been removed from a site link bridge.

High

Documentos relacionados

The document was helpful.

Seleccionar calificación

I easily found the information I needed.

Seleccionar calificación