Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision | |||
ms_windows_ms_sql:ad_changes_monitoring [2019/06/05 11:57] – admin | ms_windows_ms_sql:ad_changes_monitoring [2019/06/26 10:01] (current) – admin | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | https:// | ||
+ | https:// | ||
+ | https:// | ||
+ | https:// | ||
+ | https:// | ||
+ | https:// | ||
+ | https:// | ||
+ | https:// | ||
+ | Файл с **Message Templates** - **%SystemRoot%\system32\adtschema.dll**, | ||
+ | |||
+ | ====== Active Directory related Event IDs ====== | ||
+ | ===== Groups related Event IDs ===== | ||
+ | < | ||
+ | 4727 A security-enabled global group was created. | ||
+ | 4730 A security-enabled global group was deleted. | ||
+ | 4731 A security-enabled local group was created. | ||
+ | 4734 A security-enabled local group was deleted. | ||
+ | 4735 A security-enabled local group was changed. | ||
+ | 4737 A security-enabled global group was changed. | ||
+ | 4744 A security-disabled local group was created. | ||
+ | 4745 A security-disabled local group was changed. | ||
+ | 4748 A security-disabled local group was deleted. | ||
+ | 4749 A security-disabled global group was created. | ||
+ | 4750 A security-disabled global group was changed. | ||
+ | 4753 A security-disabled global group was deleted. | ||
+ | 4754 A security-enabled universal group was created. | ||
+ | 4755 A security-enabled universal group was changed. | ||
+ | 4758 A security-enabled universal group was deleted. | ||
+ | 4759 A security-disabled universal group was created. | ||
+ | 4760 A security-disabled universal group was changed. | ||
+ | 4763 A security-disabled universal group was deleted. | ||
+ | 4764 A group type was changed. | ||
+ | </ | ||
+ | ===== Group members related Event IDs ===== | ||
+ | < | ||
+ | 4728 A member was added to a security-enabled global group. | ||
+ | 4729 A member was removed from a security-enabled global group. | ||
+ | 4732 A member was added to a security-enabled local group. | ||
+ | 4733 A member was removed from a security-enabled local group. | ||
+ | 4746 A member was added to a security-disabled local group. | ||
+ | 4747 A member was removed from a security-disabled local group. | ||
+ | 4751 A member was added to a security-disabled global group. | ||
+ | 4752 A member was removed from a security-disabled global group. | ||
+ | 4756 A member was added to a security-enabled universal group. | ||
+ | 4757 A member was removed from a security-enabled universal group. | ||
+ | 4761 A member was added to a security-disabled universal group. | ||
+ | 4762 A member was removed from a security-disabled universal group. | ||
+ | 4780 The ACL was set on accounts which are members of administrators groups. | ||
+ | </ | ||
+ | ===== User Accounts related Event IDs ===== | ||
+ | < | ||
+ | 4720 A user account was created. | ||
+ | 4722 A user account was enabled. | ||
+ | 4725 A user account was disabled. | ||
+ | 4726 A user account was deleted. | ||
+ | 4738 A user account was changed. | ||
+ | 4740 A user account was locked out. | ||
+ | 4767 A user account was unlocked. | ||
+ | 4781 The name of an account was changed. | ||
+ | </ | ||
+ | ===== Computer Accounts related Event IDs ===== | ||
+ | < | ||
+ | 4741 A computer account was created. | ||
+ | 4742 A computer account was changed. | ||
+ | 4743 A computer account was deleted. | ||
+ | </ | ||
+ | ===== AD Objects related Event IDs ===== | ||
+ | < | ||
+ | 4661 A handle to an object was requested | ||
+ | 4662 An operation was performed on an object. | ||
+ | 5136 A directory service object was modified. | ||
+ | 5137 A directory service object was created. | ||
+ | 5138 A directory service object was undeleted | ||
+ | 5139 A directory service object was moved. | ||
+ | 5141 A directory service object was deleted. | ||
+ | </ | ||
+ | ===== Credentials and Passwords related Event IDs ===== | ||
+ | < | ||
+ | 4723 An attempt was made to change an account' | ||
+ | 4724 An attempt was made to reset an accounts password. | ||
+ | 4794 An attempt was made to set the Directory Services Restore Mode administrator password | ||
+ | 5376 Credential Manager credentials were backed up. | ||
+ | 5377 Credential Manager credentials were restored from a backup. | ||
+ | </ | ||
+ | |||
+ | ===== User LogOn/ | ||
+ | 4624 - An account was successfully logged on. | ||
+ | 4634 - An account was logged off. | ||
+ | 4800 - Lock | ||
+ | 4801 - UnLock | ||