|
DateTime
|
Date/Time of event origination in GMT format.
|
DateTime
|
10.10.2000 19:00:00
|
|
Source
|
Name of an Application or System Service originating the event.
|
Source
|
ITAD Directory Changes
|
|
Type
|
Warning, Information, Error, Success, Failure, etc.
|
-
|
|
|
User
|
Domain\Account name of user/service/computer initiating event.
|
User
|
RESEARCH\Alebovsky
|
|
Computer
|
Name of server workstation where event was logged.
|
Computer
|
DC1
|
|
EventID
|
Numerical ID of event. Unique within one Event Source.
|
EventId
|
591
|
|
Description
|
The entire unparsed event message.
|
Description
|
LDAP query performed.
|
|
Log Name
|
The name of the event log (e.g. Application, Security, System, etc.)
|
LogName
|
InTrust for AD
|
|
Category
|
A name for a subclass of events within the same Event Source.
|
Category
|
AttestationReview
|
|
Whom
|
The object name to which the activity was applied.
|
InsertionString1
|
|
|
Client Computer
|
|
InsertionString5
|
10.0.0.2
|
|
Request ID
|
|
InsertionString4
|
{3AA3DC84-20A6-4F6D-972F-7DF9C9F80272}
|
|
Object DN
|
|
InsertionString1
|
CN=Daniel Krane,CN=Users,DC=research,DC=corp
|
|
Object Class
|
|
InsertionString2
|
user
|
|
Object GUID
|
|
InsertionString3
|
{9DD9B58F-9548-4EE8-A852-7911C763BF7B}
|
|
Scope
|
Query scope. Can be Base, One level or Subtree
|
InsertionString6
|
Base
|
|
Number of results
|
Numeric, number of search results
|
InsertionString8
|
1
|
|
Filter
|
LDAP search filter string
|
InsertionString9
|
(&(objectClass=*)(sAMAccountName=WIN-DD1AK8E1ES1$))
|
|
Attribute Name
|
One or more attribute names separated by comma
|
InsertionString10
|
distinguishedName,uSNChanged,CN,serverReference,dNSHostName
|
|
Elapsed
|
Numeric, number of ms
|
InsertionString11
|
0 ms
|
|
Query Type
|
Query Type. Can be LDAP or GC
|
InsertionString7
|
GC
|