Event-o-Pedia EventID 1524 - Deleted object is restored (undeleted).

	Event Details
	User Activity->Object Access->Active Directory Object Access->Active Roles 7 or higher->EventID 1524 - Deleted object is restored (undeleted).

EventID 1524 - Deleted object is restored (undeleted).

Linked Event:

EventID 1524 - Deleted object is restored (undeleted).

Sample:

Log Name:      ARAdminService
Source:        ARAdminSvc
Date:          11/22/2016 2:58:51 PM
Event ID:      1524
Task Category: ObjectUnDelete
Level:         Information
Keywords:      Classic,Audit Success
User:          ITSS\igor.ilyin
Computer:      IIZHU1.itss.wm.zhu.cn.qsft
Description:
Deleted object is restored (undeleted). 
Operation GUID: 62018d0e-1f7e-4d78-921d-c2c003230f6d 
Object name: Repo0ADEL:37bdb223-04bf-45e6-810e-36f8c416b6dc 
Restored to: itss.wm.zhu.cn.qsft/Deleted Objects 
Object class: volume 
Object GUID: 37bdb223-04bf-45e6-810e-36f8c416b6dc

Log Type:

Windows Event Log

Uniquely Identified By:

Log Name:

ARAdminService

Filtering Field	Equals to Value
Source	ARAdminSvc
EventId	1524

Field Matching

Field	Description	Stored in	Sample Value
When	At what date and time a user activity originated in the system.	-	1/1/2000
Who	Account or user name under which the activity occured.	-	SomeUser
What	The type of activity occurred (e.g. Logon, Password Changed, etc.)	"Object Undeleted"	Object Undeleted
Where	The name of the workstation/server where the activity was logged.	-	10.10.10.10
Where From	The name of the workstation/server where the activity was initiated from.	-	10.10.10.10
Severity	Specify the seriousness of the event.	-	High
WhoDomain		-
WhereDomain		-
Result	Successful or Failed	-
Object Name		-
Object Type		-
Whom		Whom	Repo0ADEL:37bdb223-04bf-45e6-810e-36f8c416b6dc