Event-o-Pedia EventID 566 - Object Operation [Win 2003]

	Event Details
	Operating System->Microsoft Windows->Built-in logs->Windows 2000-2003->Security Log->DS Access->EventID 566 - Object Operation [Win 2003]

EventID 566 - Object Operation [Win 2003]

Find more information about this event on ultimatewindowssecurity.com.

Corresponding events on other OS versions:

Windows 2000
This event is not logged on Windows 2000.

Windows 2008

Sample:

        Event Type:     Success Audit
        Event Source:   Security
        Event Category: Directory Service Access
        Event ID:       566
        Date:           10/26/2009
        Time:           07:31:44
        User:           NT AUTHORITY\SYSTEM
        Computer:       DC1
        Description:
        Object Operation:
        Object Server:	DS
        Operation Type:	Object Access
        Object Type:	%{f30e3bc2-9ff0-11d1-b603-0000f80367c1}
        Object Name:	%{8f3699fe-ab4e-4f57-ae1e-f5e37d55dbc5}
        Handle ID:	-
        Primary User Name:	DC1$
        Primary Domain:	RESEARCH
        Primary Logon ID:	(0x0,0x3E7)
        Client User Name:	DC1$
        Client Domain:	RESEARCH
        Client Logon ID:	(0x0,0x60FA64)
        Accesses:	%Write Property

        Properties:
        %Write Property
        %{771727b1-31b8-4cdf-ae62-4fe39fadf89e}
        %{bf967a76-0de6-11d0-a285-00aa003049e2}
        %{f30e3bc2-9ff0-11d1-b603-0000f80367c1}

        Additional Info:
        Additional Info2:
        Access Mask:	0x20

Log Type:

Windows Event Log

Uniquely Identified By:

Log Name:

Security

Filtering Field	Equals to Value
OSVersion	Windows 2003
Category	DS Access
Source	Security
EventId	566

Field Matching

Field	Description	Stored in	Sample Value
DateTime	Date/Time of event origination in GMT format.	DateTime	10.10.2000 19:00:00
Source	Name of an Application or System Service originating the event.	Source	Security
Type	Warning, Information, Error, Success, Failure, etc.	Type	Success
User	Domain\Account name of user/service/computer initiating event.	User	RESEARCH\Alebovsky
Computer	Name of server workstation where event was logged.	Computer	DC1
EventID	Numerical ID of event. Unique within one Event Source.	EventId	576
Description	The entire unparsed event message.	Description	Special privileges assigned to new logon.
Log Name	The name of the event log (e.g. Application, Security, System, etc.)	LogName	Security
Category	A name for a subclass of events within the same Event Source.	Category	Logon/Logoff
Object Server	The name of the service handling the access request	InsertionString1	DS
Object Type	The class object as specified in the schema for this forest (user, group, organizational unit, etc.)	InsertionString3	%{f30e3bc2-9ff0-11d1-b603-0000f80367c1}
Object Name	Distinguished name of the AD object	InsertionString4	%{8f3699fe-ab4e-4f57-ae1e-f5e37d55dbc5}
Handle ID	ID of the object handle granted to the process accessing it	InsertionString5	-
Primary User Name	Account name of the user under which the directory service process runs	InsertionString6	DC1$
Primary Domain	Domain of the Primary User Name	InsertionString7	RESEARCH
Primary Logon ID	ID of the logon session of the Primary User Name account	InsertionString8	(0x0,0x3E7)
Client User Name	Name of the user attempting to access the object	InsertionString9	DC1$
Client Domain	Domain of the Client User Name	InsertionString10	RESEARCH
Client Logon ID	ID of the logon session of the Client User Name account	InsertionString11	(0x0,0x60FA64)
Accesses	Identifies the permissions requested by user/program to the object. These accesses directly correspond to the object level and property level permissions you see in the access control list of the associated object in Active Directory. Write Property and Read Property accesses will be followed by the actual properties written to or read.	InsertionString12	%Write Property
Properties	The list of properties to which access was requested	InsertionString13	versionNumber
Operation Type	Type of operation performed on the object/property (e.g. Object Access)	InsertionString2	Object Access
Additional Info		InsertionString14
Additional Info2		InsertionString15
Access Mask	The actual set of rights for the user accessing the object.	InsertionString16	0x20