Ad Clicks : Ad Views : Ad Clicks : Ad Views : Ad Clicks : Ad Views : Ad Clicks : Ad Views : Ad Clicks : Ad Views : Ad Clicks : Ad Views : Ad Clicks : Ad Views : Ad Clicks : Ad Views : Ad Clicks : Ad Views :
TheServerGeeks

IT with everything IT

Active directory “users and computer” auditing security events log

/

Active directory “users and computer” auditing security events log

 

Event ID: 512

Type: Success Audit

Description: Windows NT is starting up.

 

————————————————————————–

Event ID: 513

Type: Success Audit

Description: Windows NT is shutting down. All logon sessions will be

terminated by this shutdown.

————————————————————————–

 

Event ID: 514

Type: Success Audit

Description: An authentication package has been loaded by the Local

Security Authority. This authentication package will be

used to authenticate logon attempts.

Authentication Package Name: %1

————————————————————————–

 

Event ID: 515

Type: Success Audit

Description: A trusted logon process has registered with the Local

Security Authority. This logon process will be trusted to

submit logon requests.

Logon Process Name: %1

————————————————————————–

 

Event ID: 516

Type: Success Audit

Description: Internal resources allocated for the queuing of audit

messages have been exhausted, leading to the loss of some

audits.

Number of audit messages discarded: %1

————————————————————————–

 

Event ID: 517

Type: Success Audit

Description: The audit log was cleared

Primary User Name: %1      Primary Domain: %2

Primary Logon ID: %3       Client User Name: %4

Client Domain: %5          Client Logon ID: %6

————————————————————————–

 

Event ID: 518

Type: Success Audit

Description: A notification package has been loaded by the Security

Account Manager. This package will be notified of any

account or password changes.

Notification Package Name: %1

————————————————————————–

 

Event ID: 528

Type: Success Audit

Description: Successful Logon:

User Name: %1             Domain: %2

Logon ID: %3              Logon Type: %4

Logon Process: %5         Authentication Package: %6

Workstation Name: %7

————————————————————————–

 

Event ID: 529

Type: Failure Audit

Description: Logon Failure:

Reason: Unknown user name or bad password

User Name: %1              Domain: %2

Logon Type: %3             Logon Process: %4

Authentication Package: %5 Workstation Name: %6

————————————————————————–

 

Event ID: 530

Type: Failure Audit

Description: Logon Failure:

Reason: Account logon time restriction violation

User Name: %1              Domain: %2

Logon Type: %3             Logon Process: %4

Authentication Package: %5 Workstation Name: %6

————————————————————————–

 

Event ID: 531

Type: Failure Audit

Description: Logon Failure:

Reason: Account currently disabled

User Name: %1              Domain: %2

Logon Type: %3             Logon Process: %4

Authentication Package: %5 Workstation Name: %6

————————————————————————–

 

Event ID: 532

Type: Failure Audit

Description: Logon Failure:

Reason: The specified user account has expired

User Name: %1              Domain: %2

Logon Type: %3             Logon Process: %4

Authentication Package: %5 Workstation Name: %6

————————————————————————–

 

Event ID: 533

Type: Failure Audit

Description: Logon Failure:

Reason: User not allowed to logon at this computer

User Name: %1              Domain: %2

Logon Type: %3             Logon Process: %4

Authentication Package: %5 Workstation Name: %6

————————————————————————–

 

Event ID: 534

Type: Failure Audit

Description: Logon Failure:

Reason: The user has not been granted the requested logon

type at this machine

User Name: %1              Domain: %2

Logon Type: %3             Logon Process: %4

Authentication Package: %5 Workstation Name: %6

————————————————————————–

 

Event ID: 535

Type: Failure Audit

Description: Logon Failure:

Reason: The specified account’s password has expired

User Name: %1              Domain: %2

Logon Type: %3             Logon Process: %4

Authentication Package: %5 Workstation Name: %6

 

————————————————————————–

 

Event ID: 536

Type: Failure Audit

Description: Logon Failure:

Reason: The NetLogon component is not active

User Name: %1              Domain: %2

Logon Type: %3             Logon Process: %4

Authentication Package: %5 Workstation Name: %6

————————————————————————–

 

Event ID: 537

Type: Failure Audit

Description: Logon Failure:

Reason: An unexpected error occurred during logon

User Name: %1              Domain: %2

Logon Type: %3             Logon Process: %4

Authentication Package: %5 Workstation Name: %6

 

————————————————————————–

 

Event ID: 538

Type: Success Audit

Description: User Logoff:

User Name: %1             Domain: %2

Logon ID: %3              Logon Type: %4

————————————————————————–

 

Event ID: 539

Type: Failure Audit

Description: Logon Failure:

Reason: Account locked out

User Name: %1              Domain: %2

Logon Type: %3             Logon Process: %4

Authentication Package: %5 Workstation Name: %6

————————————————————————–

 

Event ID: 560

Type: Success Audit

Description: Object Open:

Object Server: %1          Object Type: %2

Object Name: %3            New Handle ID: %4

Operation ID: {%5,%6}

Process ID: %7             Primary User Name: %8

Primary Domain: %9         Primary Logon ID: %10

Client User Name: %11      Client Domain: %12

Client Logon ID: %13       Accesses %14

Privileges %15

 

————————————————————————–

Event ID: 561

Type: Success Audit

Description: Handle Allocated:

Handle ID: %1              Operation ID: {%2,%3}

Process ID: %4

————————————————————————–

 

Event ID: 562

Type: Success Audit

Description: Handle Closed:

Object Server: %1          Handle ID: %2

Process ID: %3

————————————————————————–

 

Event ID: 563

Type: Success Audit

Description: Object Open for Delete:

Object Server: %1          Object   Type: %2

Object Name: %3            New Handle ID: %4

Operation ID: {%5,%6}

Process ID: %7             Primary User Name: %8

Primary Domain: %9         Primary Logon ID: %10

Client User Name: %11      Client Domain: %12

Client Logon ID: %13       Accesses %14

Privileges %15

————————————————————————–

 

Event ID: 564

Type: Success Audit

Description: Object Deleted:

Object Server: %1          Handle ID: %2

Process ID: %3

————————————————————————–

 

Event ID: 576

Type: Success Audit

Description: Special privileges assigned to new logon:

User Name: %1             Domain: %2

Logon ID: %3              Assigned: %4

————————————————————————–

 

Event ID: 577

Type: Success Audit

Description: Privileged Service Called:

Server: %1              Service: %2

Primary User Name: %3      Primary Domain: %4

Primary Logon ID: %5       Client User Name: %6

Client Domain: %7          Client Logon ID: %8

Privileges: %9

————————————————————————–

 

Event ID: 578

Type: Failure Audit

Description: Privileged object operation:

Object Server: %1          Object Handle: %2

Process ID: %3             Primary User Name: %4

Primary Domain: %5         Primary Logon ID: %6

Client User Name: %7       Client Domain: %8

Client Logon ID: %9        Privileges: %10

 

————————————————————————–

Event ID: 592

Type: Success Audit

Description: A new process has been created:

New Process ID: %1         Image File Name: %2

Creator Process ID: %3     User Name: %4

Domain: %5                 Logon ID: %6

 

————————————————————————–

Event ID: 593

Type: Success Audit

Description: A process has exited:

Process ID: %1             User Name: %2

Domain: %3              Logon ID: %4

 

————————————————————————–

Event ID: 594

Type: Success Audit

Description: A handle to an object has been duplicated:

Source Handle ID: %1       Source Process ID: %2

Target Handle ID: %3       Target Process ID: %4

 

————————————————————————–

Event ID: 595

Type: Success Audit

Description: Indirect access to an object has been obtained:

Object   Type: %1          Object Name: %2

Process ID: %3             Primary User Name: %4

Primary Domain: %5         Primary Logon ID: %6

Client User Name: %7       Client Domain: %8

Client Logon ID: %9        Accesses: %10

 

————————————————————————–

Event ID: 608

Type: Success Audit

Description: User Right Assigned:

User Right: %1             Assigned To: %2

Assigned By:

User Name: %3              Domain: %4

Logon ID: %5

 

————————————————————————–

Event ID: 609

Type: Success Audit

Description: User Right Removed:

User Right: %1             Removed From: %2

Removed By:

User Name: %3              Domain: %4

Logon ID: %5

 

————————————————————————–

Event ID: 610

Type: Success Audit

Description: New Trusted Domain:

Domain Name: %1            Domain ID: %2

Established By:

User Name: %3              Domain: %4

Logon ID: %5

 

————————————————————————–

Event ID: 611

Type: Success Audit

Description: Removing Trusted Domain:

Domain Name: %1            Domain ID: %2

Removed By:

User Name: %3              Domain: %4

Logon ID: %5

 

————————————————————————–

Event ID: 612

Type: Success Audit

Description: Audit Policy Change:

New Policy:

Success   Failure

%1         %2    System

%3         %4    Logon/Logoff

%5         %6    Object Access

%7         %8    Privilege Use

%9        %10    Detailed Tracking

%11        %12    Policy Change

%13        %14    Account Management

Changed By:

User Name: %15             Domain Name: %16

Logon ID: %17

 

————————————————————————–

Event ID: 624

Type: Success Audit

Description: User Account Created:

New Account Name: %1       New Domain: %2

New Account ID: %3         Caller User Name: %4

Caller Domain: %5          Caller Logon ID: %6

Privileges %7

 

————————————————————————–

Event ID: 625

Type: Success Audit

Description: User Account Type Change:

Target Account Name: %1    Target Domain: %2

Target Account ID: %3      New Type: %4

Caller User Name: %5       Caller Domain: %6

Caller Logon ID: %7

 

————————————————————————–

Event ID: 626

Type: Success Audit

Description: User Account Enabled:

Target Account Name: %1    Target Domain: %2

Target Account ID: %3      Caller User Name: %4

Caller Domain: %5          Caller Logon ID: %6

 

————————————————————————–

Event ID: 627

Type: Success Audit

Description: Change Password Attempt:

Target Account Name: %1    Target Domain: %2

Target Account ID: %3      Caller User Name: %4

Caller Domain: %5          Caller Logon ID: %6

Privileges: %7

 

————————————————————————–

Event ID: 628

Type: Success Audit

Description: User Account password set:

Target Account Name: %1    Target Domain: %2

Target Account ID: %3      Caller User Name: %4

Caller Domain: %5          Caller Logon ID: %6

 

————————————————————————–

Event ID: 629

Type: Success Audit

Description: User Account Disabled:

Target Account Name: %1    Target Domain: %2

Target Account ID: %3      Caller User Name: %4

Caller Domain: %5          Caller Logon ID: %6

 

————————————————————————–

Event ID: 630

Type: Success Audit

Description: User Account Deleted:

Target Account Name: %1    Target Domain: %2

Target Account ID: %3      Caller User Name: %4

Caller Domain: %5          Caller Logon ID: %6

Privileges: %7

 

————————————————————————–

Event ID: 631

Type: Success Audit

Description: Global Group Created:

New Account Name: %1       New Domain: %2

New Account ID: %3         Caller User Name: %4

Caller Domain: %5          Caller Logon ID: %6

Privileges: %7

 

————————————————————————–

Event ID: 632

Type: Success Audit

Description: Global Group Member Added:

Member: %1                 Target Account Name: %2

Target Domain: %3          Target Account ID: %4

Caller User Name: %5       Caller Domain: %6

Caller Logon ID: %7        Privileges: %8

 

————————————————————————–

Event ID: 633

Type: Success Audit

Description: Global Group Member Removed:

Member: %1                 Target Account Name: %2

Target Domain: %3          Target Account ID: %4

Caller User Name: %5       Caller Domain: %6

Caller Logon ID: %7        Privileges: %8

 

————————————————————————–

Event ID: 634

Type: Success Audit

Description: Global Group Deleted:

Target Account Name: %1    Target Domain: %2

Target Account ID: %3      Caller User Name: %4

Caller Domain: %5          Caller Logon ID: %6

Privileges: %7

 

————————————————————————–

Event ID: 635

Type: Success Audit

Description: Local Group Created:

New Account Name: %1       New Domain: %2

New Account ID: %3         Caller User Name: %4

Caller Domain: %5          Caller Logon ID: %6

Privileges: %7

 

————————————————————————–

Event ID: 636

Type: Success Audit

Description: Local Group Member Added:

Member: %1                 Target Account Name: %2

Target Domain: %3          Target Account ID: %4

Caller User Name: %5       Caller Domain: %6

Caller Logon ID: %7        Privileges: %8

 

————————————————————————–

Event ID: 637

Type: Success Audit

Description: Local Group Member Removed:

Member: %1                 Target Account Name: %2

Target Domain: %3          Target Account ID: %4

Caller User Name: %5       Caller Domain: %6

Caller Logon ID: %7        Privileges: %8

 

————————————————————————–

Event ID: 638

Type: Success Audit

Description: Local Group Deleted:

Target Account Name: %1    Target Domain: %2

Target Account ID: %3      Caller User Name: %4

Caller Domain: %5          Caller Logon ID: %6

Privileges: %7

 

————————————————————————–

Event ID: 639

Type: Success Audit

Description: Local Group Changed:

Target Account Name: %1    Target Domain: %2

Target Account ID: %3      Caller User Name: %4

Caller Domain: %5          Caller Logon ID: %6

Privileges: %7

 

————————————————————————–

Event ID: 640

Type: Success Audit

Description: General Account Database Change:

Type of change: %1         Object Type: %2

Object Name: %3            Object ID: %4

Caller User Name: %5       Caller Domain: %6

Caller Logon ID: %7

 

————————————————————————–

Event ID: 641

Type: Success Audit

Description: Global Group Changed:

Target Account Name: %1    Target Domain: %2

Target Account ID: %3      Caller User Name: %4

Caller Domain: %5          Caller Logon ID: %6

Privileges: %7

 

————————————————————————–

Event ID: 642

Type: Success Audit

Description: User Account Changed:

Target Account Name: %1    Target Domain: %2

Target Account ID: %3      Caller User Name: %4

Caller Domain: %5          Caller Logon ID: %6

Privileges: %7

 

————————————————————————–

Event ID: 643

Type: Success Audit

Description: Domain Policy Changed:

Domain: %1                 Domain ID: %2

Caller User Name: %3       Caller Domain: %4

Caller Logon ID: %5        Privileges: %6

 

————————————————————————–

Event ID: 644

Event Type: Success Audit

Description: User Account Locked Out

Target Account Name:  %1   Target Account ID: %2

Caller Machine Name:  %3    Caller User Name:  %4

Caller Domain:      %5        Caller Logon ID:  %6

————————————————————————–

 

To Know how to Create Bulk users in AD,Click here

Leave a Comment

Your email address will not be published. Required fields are marked *

This div height required for enabling the sticky sidebar