Chat now with support
Chat with Support

Change Auditor for Active Directory 7.2 - Event Reference Guide

SYSVOL

Table 31. SYSVOL events

SYSVOL Folder Access Rights Changed

Created when access to the SYSVOL folder has been changed via Access Control Settings for SYSVOL or Share Permissions.

Disabled by default.

Medium

SYSVOL Folder Auditing Changed

Created when the SACL on the SYSVOL folder has been changed.

Disabled by default.

Medium

SYSVOL Folder Ownership Changed

Created when ownership of the SYSVOL folder has been changed.

Disabled by default.

Medium

 

Log Events

When event logging for Active Directory is enabled in Change Auditor, events will also be written to the InTrust® for AD event log. In addition, when event logging for ADAM (AD LDS) is enabled in Change Auditor, ADAM events will be written to the InTrust for ADAM event log. These log events can then be gathered by InTrust and Quest Knowledge Portal for further processing and reporting.

The tables in this section list the log events capture when Active Directory and/or ADAM event logging is enabled. They are listed in numeric order by event ID based on the event log to which they are recorded:

InTrust for AD event log

The following table lists the Active Directory events that are recorded to the InTrust for AD event log when Active Directory event logging is enabled in Change Auditor.

1

Attempt to modify AD object was denied by the system

2

Attempt to delete AD object was denied by the system

3

AD object was successfully modified

4

AD object was successfully deleted

5

Attempt to modify AD object was denied by Change Auditor for Active Directory

6

Attempt to delete AD object was denied by Change Auditor for Active Directory

8

Attempt to delete Group Policy was denied by the system

9

Group Policy was successfully modified

10

Group Policy was successfully deleted

11

Attempt to modify Group Policy was denied by Change Auditor for Active Directory

13

Attempt to move AD object was denied by the system

14

AD object was successfully moved

15

Attempt to move AD object was denied by Change Auditor for Active Directory

16

Attempt to create AD object was denied by the system

17

AD object was successfully created

18

Attempt to create AD object was denied by Change Auditor for Active Directory

19

Attempt to create Group Policy was denied by the system

20

Group Policy was successfully created

21

Attempt to create Group Policy was denied by Change Auditor for Active Directory

22

Attempt to modify a property of AD object was denied by the system

23

Property of AD object was successfully modified

24

Attempt to modify a property of AD object was denied by Change Auditor for Active Directory

25

Heartbeat – Change Auditor for Active Directory is currently active on this computer

26

Protected objects cache update failure

27

Protected objects cache reload

31

AD object was successfully protected

32

AD object protection was successfully removed

33

AD object protection was successfully modified

37

Group Policy was successfully protected

38

Group Policy protection was successfully removed

39

Group Policy protection was successfully modified

40

Attempt to modify AD object security descriptor was denied by the system

41

Attempt to modify AD object ownership was denied by the system

42

Attempt to modify user mailbox access rights was denied by the system

43

AD object security descriptor was successfully modified

44

AD object ownership was successfully changed

45

Attempt to modify user mailbox ownership was denied by the system

46

Attempt to modify AD object security descriptor was denied by Change Auditor for Active Directory

47

Attempt to modify AD object ownership was denied by Change Auditor for Active Directory

48

User mailbox access rights were successfully changed

49

User mailbox ownership was successfully changed

50

Attempt to modify user mailbox access was denied by Change Auditor for Active Directory

51

Attempt to modify user mailbox ownership was denied by Change Auditor for Active Directory

52

Attempt to modify linked Group Policy objects was denied by the system

53

Linked Group Policy objects were successfully modified

54

Attempt to modify linked Group Policy objects was denied

63

Group Policy Template was successfully modified

64

Attempt to modify Group Policy Template was denied

65

DNS record added

66

DNS record deleted

67

DNS record changed

69

List of excluded accounts was successfully changed

70

Service start failure

71

Group policy backup is not available

72

Group policy backup is now available

74

List of protected attributes was successfully changed

76

Protection group settings was successfully changed

78

Protection group was successfully created

80

Protection group was successfully deleted

82

Protection group was successfully renamed

84

Audit filter list was successfully changed

85

Event log was cleared

86

Service critical error

87

Account locked out

88

Account unlocked

89

Attempt to unlock user account was denied by the system

90

Attempt to unlock user account was denied by Change Auditor for Active Directory

101

Group member-of added

102

Group member-of removed

151

User member-of added

152

User member-of removed

201

Starter GPO Computer setting changed

202

Starter GPO User setting changed

251

Starter GPO created

252

Starter GPO removed

301

IP Security Filter Action created

302

IP Security Filter Action deleted

303

IP Security Filter Action Option changed

304

IP Security Filter Action Security Method changed

305

IP Security Filter List created

306

IP Security Filter List deleted

307

IP Security Filter List Option changed

308

IP Security Policy created

309

IP Security Policy deleted

310

IP Security Policy Key Exchange Settings changed

311

IP Security Policy Option changed

312

IP Security Rule created

313

IP Security Rule deleted

314

IP Security Rule Filter Action changed

315

IP Security Rule Filter List changed

316

IP Security Rule Option changed

317

Rule added to IP Security Policy Rule List

318

Rule removed from IP Security Policy Rule List

361

Expires after period changed in DNS zone

362

Name server added to DNS zone

363

Name server removed from DNS zone

364

Primary server changed in DNS zone

365

Refresh interval changed in DNS zone

366

Retry interval changed in DNS zone

367

WINS forwarding flag disabled in DNS zone

368

WINS forwarding flag enabled in DNS zone

369

WINS forwarding host list changed in DNS zone

370

Zone default TTL changed in DNS zone

371

Zone delegation added to DNS zone

372

Zone delegation removed from DNS zone

373

DNS Zone added

374

DNS Zone deleted

401

Attribute added to the optional attributes for a class object in the schema

402

Attribute removed from the optional attributes for a class object in the schema

403

Class removed from auxiliary classes in schema

404

Class removed from possible superiors in schema

405

New class added to auxiliary classes in schema

406

New class added to possible superiors in schema

407

Schema attribute added

408

Schema attribute flag changed

409

Schema class added

410

Schema class default security descriptor changed

411

Schema object changed

412

Schema version changed

413

Schema class deactivated

414

Schema class reactivated

415

Schema attribute deactivated

416

Schema attribute reactivated

501

Computer Software Restriction Basic User Hash Rule added, changed or removed

502

Computer Software Restriction Basic User Path Rule added, changed or removed

503

Computer Software Restriction Basic Zone Rule added, changed or removed

504

Computer Software Restriction Designated File Types changed

505

Computer Software Restriction Disallowed Certificate Rule added, changed or removed

506

Computer Software Restriction Disallowed Hash Rule added, changed or removed

507

Computer Software Restriction Disallowed Path Rule added, changed or removed

508

Computer Software Restriction Disallowed Zone Rule added, changed or removed

509

Computer Software Restriction Enforcement Files option changed

510

Computer Software Restriction Enforcement Users option changed

511

Computer Software Restriction Policies Default Security level changed

512

Computer Software Restriction Trusted Publishers policy changed

513

Computer Software Restriction Unrestricted Certificate Rule added, changed or removed

514

Computer Software Restriction Unrestricted Hash Rule added, changed or removed

515

Computer Software Restriction Unrestricted Path Rule added, changed or removed

516

Computer Software Restriction Unrestricted Zone Rule added, changed or removed

521

Computer Software Installation Policy added, changed or removed

531

Computer Public Key Policies Autoenrollment settings changed

532

Computer Public Key Policies Automatic Certificate Request added, changed or removed

533

Computer Public Key Policies Encrypting File System DRA added, changed or removed

534

Computer Public Key Policies Enterprise Trust List added, changed or removed

535

Computer Public Key Policies Trusted Root Certification Authority changed

541

User Software Restriction Basic User Hash Rule changed

542

User Software Restriction Basic User Path Rule added, changed or removed

543

User Software Restriction Basic User Zone Rule added, changed or removed

544

User Software Restriction Designated File Types changed

545

User Software Restriction Disallowed Certificate Rule added, changed or removed

546

User Software Restriction Disallowed Hash Rule added, changed or removed

547

User Software Restriction Disallowed Path Rule added, changed or removed

548

User Software Restriction Disallowed Zone Rule added, changed or removed

549

User Software Restriction Enforcement Files option changed

550

User Software Restriction Enforcement Users option changed

551

User Software Restriction Policies Default Security Level changed

552

User Software Restriction Trusted Publishers policy changed

553

User Software Restriction Unrestricted Certificate Rule added, changed or removed

554

User Software Restriction Unrestricted Hash Rule added, changed or removed

555

User Software Restriction Unrestricted Path Rule added, changed or removed

556

User Software Restriction Unrestricted Zone Rule added, changed or removed

581

User Software Installation Policy added, changed or removed

601

User Public Key Policies Autoenrollment Settings changed

602

User Public Key Policies Enterprise Trust List added, changed or removed

InTrust for ADAM event Log

The following table lists the ADAM (AD LDS) events that are recorded to the InTrust for ADAM event log when ADAM (AD LDS) event logging is enabled.

1

Attempt to modify ADAM object was denied by the system

2

Attempt to delete ADAM object was denied by the system

3

ADAM object was successfully modified

4

ADAM object was successfully deleted

5

Attempt to modify ADAM object was denied by Change Auditor

6

Attempt to modify ADAM object was denied by Change Auditor

13

Attempt to move ADAM object was denied by system

14

ADAM object was successfully moved

15

Attempt to move ADAM object was denied by Change Auditor

16

Attempt to create ADAM object was denied by system

17

ADAM object was successfully created

18

Attempt to create ADAM object was denied by Change Auditor

22

Attempt to modify property of ADAM object was denied by the system

23

Property of ADAM object was successfully modified

24

Attempt to modify a property of ADAM object was denied by Change Auditor

25

Heartbeat – Change Auditor for ADAM service is currently active on this computer

27

Protected objects cache reload

31

ADAM object was successfully protected

32

ADAM object protection was successfully removed

33

ADAM object protection was successfully modified

40

Attempt to modify ADAM object security descriptor was denied by the system

41

Attempt to modify ADAM object ownership was denied by the system

43

ADAM object security descriptor was successfully modified

44

ADAM object ownership was successfully changed

46

Attempt to modify ADAM object security descriptor was denied

47

Attempt to modify ADAM object ownership was denied

69

List of excluded accounts was successfully changed

70

Service start failure

71

Invalid ADAM instance

74

List of protected attributes was successfully changed

76

Protected attributes list mode was successfully changed

78

Protection group was successfully created

80

Protection group was successfully deleted

82

Protection group was successfully renamed

84

Audit filter list was successfully changed

85

Event log was cleared

86

Service critical error

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating