Event Details
User Activity->Permission Changes->Active Directory Permission Changes->InTrust Plug-in for Active Directory->Common Active Directory Permission Changes->Failed change attempts->EventID 41 - Failed attempt to modify AD object ownership.
EventID 41 - Failed attempt to modify AD object ownership.
 Sample: 
Event Type:     Warning
Event Source:   ITAD Directory Changes
Event Category: None
Event ID:       41
Date:           10/29/2009
Time:           07:29:17
User:           RESEARCH\DKrane
Computer:       DC1
Description:    
Failed attempt to modify AD object ownership.
	Client Computer : 10.0.0.1
	Object DN : CN={693C5182-0240-4289-9F7F-CF41AFC48C4D},CN=Policies,CN=System,DC=research,DC=corp
	Object Class : groupPolicyContainer
	Object GUID : {E175CE83-03C3-4638-8CA2-A52D4434EECC}
	Old Owner: RESEARCH\Domain Admins
	New Owner : RESEARCH\Daniel Krane
	Failure Type : Access denied
	Request ID : {BEE23490-2383-4DAF-88C8-44ACDF6CF0DB}
===========================
Description template:
===========================
Failed attempt to modify AD object ownership.
   Client Computer : %8
   Object DN : %1
   Object Class : %2
   Object GUID : %3
   Old Owner: %4
   New Owner : %5
   Failure Type : %6
   Request ID : %7
Log Type: Windows Event Log
 Uniquely Identified By:
Log Name: InTrust for AD
Filtering Field Equals to Value
Source ITAD Directory Changes
EventId 41
Field Matching
FieldDescriptionStored inSample Value
When At what date and time a user activity originated in the system. DateTime 10.10.2000 19:00:00
Who Account or user name under which the activity occured. User RESEARCH\Alebovsky
What The type of activity occurred (e.g. Logon, Password Changed, etc.) "Attempt to Change AD Object Ownership" Attempt to Change AD Object Ownership
Where The name of the workstation/server where the activity was logged. Computer DC1
Where From The name of the workstation/server where the activity was initiated from. Client Computer 10.0.0.1
Severity Specify the seriousness of the event. "High" High
WhoDomain -
WhereDomain -
Object Type The type of object whose permissions were changed (e.g. AD object, file, registry, etc.) Object Class groupPolicyContainer
Object Name The name of the object whose permissions were changed (e.g. full system path to the file or folder) Object DN CN={693C5182-0240-4289-9F7F-CF41AFC48C4D},CN=Policies,CN=System,DC=research,DC=corp
To Whom Account whose access permissions to the object were changed New Owner RESEARCH\Daniel Krane
Result Successful or Failed "Failed" Failed
Comments
You must be logged in to comment