Event-o-Pedia EventID 48 - User mailbox access rights were successfully changed.

	Event Details
	Operating System->Microsoft Windows->Application logs->Quest->Change Auditor->Change Auditor for Active Directory->ITAD Directory Changes->EventID 48 - User mailbox access rights were successfully changed.

EventID 48 - User mailbox access rights were successfully changed.

Sample:

Event Type:     Information
Event Source:   ITAD Directory Changes
Event Category: None
Event ID:       48
Date:           10/29/2009
Time:           07:00:44
User:           RESEARCH\CBrown
Computer:       DC1
Description:    
User mailbox access rights were successfully changed.
	Client Computer : 10.0.0.1
	User Object DN : cn=Daniel Krane,CN=Users,DC=research,DC=corp
	User Object GUID : {9DD9B58F-9548-4EE8-A852-7911C763BF7B}
	Action: ACE Addition
	Type: Permission Allow
	Trustee: NT AUTHORITY\SELF
	Trustee Type: Well Known Group
	Apply To: This object and subcontainers
	Old Rights: <not set>
	New Rights: Full mailbox access, Send As, Read Permissions
	Request ID : {17880F2C-D275-4251-B5D1-0F13C28448EA}
===========================
Description template:
===========================
User mailbox access rights were successfully changed.
   Client Computer : %13
   User Object DN : %1
   User Object GUID : %3
   Action: %4
   Type: %5
   Trustee: %6
   Trustee Type: %7
   Apply To: %9
   Old Rights: %10
   New Rights: %11
   Request ID : %12

Log Type:

Windows Event Log

Uniquely Identified By:

Log Name:

InTrust for AD

Filtering Field	Equals to Value
Source	ITAD Directory Changes
EventId	48

Field Matching

Field	Description	Stored in	Sample Value
DateTime	Date/Time of event origination in GMT format.	DateTime	10.10.2000 19:00:00
Source	Name of an Application or System Service originating the event.	Source	Security
Type	Warning, Information, Error, Success, Failure, etc.	InsertionString5	Success
User	Domain\Account name of user/service/computer initiating event.	User	RESEARCH\Alebovsky
Computer	Name of server workstation where event was logged.	Computer	DC1
EventID	Numerical ID of event. Unique within one Event Source.	EventId	576
Description	The entire unparsed event message.	Description	Special privileges assigned to new logon.
Log Name	The name of the event log (e.g. Application, Security, System, etc.)	LogName	Security
Category	A name for a subclass of events within the same Event Source.	Category	AttestationReview
Whom	The object name to which the activity was applied.	InsertionString1
Client Computer		InsertionString13	10.0.0.1
Request ID		InsertionString12	{17880F2C-D275-4251-B5D1-0F13C28448EA}
Object DN		InsertionString1	cn=Daniel Krane,CN=Users,DC=research,DC=corp
Object GUID		InsertionString3	{9DD9B58F-9548-4EE8-A852-7911C763BF7B}
Action		InsertionString4	ACE Addition
Trustee		InsertionString6	NT AUTHORITY\SELF
Trustee Type		InsertionString7	Well Known Group
Applied to		InsertionString9	This object and subcontainers
Old Rights		InsertionString10	<not set>
New Rights		InsertionString11	Full mailbox access, Send As, Read Permissions
Permission		InsertionString5	Permission Allow