DateTime
|
Date/Time of event origination in GMT format.
|
10.10.2000 19:00:00
|
Source
|
Name of an Application or System Service originating the event.
|
Security
|
Type
|
Warning, Information, Error, Success, Failure, etc.
|
Success
|
User
|
Domain\Account name of user/service/computer initiating event.
|
RESEARCH\Alebovsky
|
Computer
|
Name of server workstation where event was logged.
|
DC1
|
EventID
|
Numerical ID of event. Unique within one Event Source.
|
576
|
Description
|
The entire unparsed event message.
|
Special privileges assigned to new logon.
|
Log Name
|
The name of the event log (e.g. Application, Security, System, etc.)
|
Security
|
Category
|
A name for a subclass of events within the same Event Source.
|
Logon/Logoff
|
Object Server
|
The name of the service handling the access request
|
DS
|
Object Type
|
The class object as specified in the schema for this forest (user, group, organizational unit, etc.)
|
%{f30e3bc2-9ff0-11d1-b603-0000f80367c1}
|
Object Name
|
Distinguished name of the AD object
|
%{8bb7faa0-e9f7-46c1-b22a-c03de2f4b7cb}
|
Handle ID
|
ID of the object handle granted to the process accessing it
|
807808
|
Primary User Name
|
Account name of the user under which the directory service process runs
|
DCCC1$
|
Primary Domain
|
Domain of the Primary User Name
|
LOGISTICS
|
Primary Logon ID
|
ID of the logon session of the Primary User Name account
|
(0x0,0x3E7)
|
Client User Name
|
Name of the user attempting to access the object
|
DCCC1$
|
Client Domain
|
Domain of the Client User Name
|
LOGISTICS
|
Client Logon ID
|
ID of the logon session of the Client User Name account
|
(0x0,0x414A12)
|
Accesses
|
Identifies the permissions requested by user/program to the object. These accesses directly correspond to the object level and property level permissions you see in the access control list of the associated object in Active Directory. Write Property and Read Property accesses will be followed by the actual properties written to or read.
|
DELETE
|
Properties
|
The list of properties to which access was requested
|
READ_CONTROL
|