Event Details
EventID 4662 - An operation was performed on an object - Successful.
 Sample:
Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          10/27/2009 10:08:54 PM
Event ID:      4662
Task Category: Directory Service Access
Level:         Information
Keywords:      Audit Success
User:          N/A
Computer:      dcc1.Logistics.corp
Description:   
An operation was performed on an object.
Subject :
	Security ID:		S-1-5-18
	Account Name:		DCC1$
	Account Domain:		LOGISTICS
	Logon ID:		0x4bb02
Object:
	Object Server:		DS
	Object Type:		{19195a5b-6da0-11d0-afd3-00c04fd930c9}
	Object Name:		{d9434cb5-3344-4544-977e-9346674bf78b}
	Handle ID:		0x0
Operation:
	Operation Type:		Object Access
	Accesses:		Control Access
			
	Access Mask:		0x100
	Properties:		Control Access
		{1131f6aa-9c07-11d1-f79f-00c04fc2dcd2}
	{19195a5b-6da0-11d0-afd3-00c04fd930c9}

Additional Information:
	Parameter 1:		-
	Parameter 2:		
Log Type: Windows Event Log
 Uniquely Identified By:
Log Name: Security
Filtering Field | Equals to Value
OSVersion | Windows Vista (2008), Windows 7 (2008 R2), Windows 8 (2012), Windows 8.1 (2012 R2), Windows 10 (2016)
Category | DS Access
Source | Microsoft-Windows-Security-Auditing
TaskCategory | Directory Service Access
EventId | 4662
Type | Success Audit
Field Matching
Field | Description | Stored in | Sample Value
When | At what date and time a user activity originated in the system. | DateTime | 10.10.2000 19:00:00
Who | Account or user name under which the activity occurred. | Subject: Account Name | ALebovsky
What | The type of activity that occurred (e.g. Logon, Password Changed, etc.) | "AD Object Access Exercised" | AD Object Access Exercised
Where | The name of the workstation/server where the activity was logged. | Computer | DC1
Where From | The name of the workstation/server where the activity was initiated from. | - | 10.10.10.10
Severity | Specify the seriousness of the event. | "Medium" | Medium
WhoDomain | | Subject: Account Domain | LOGISTICS
WhereDomain | | - |
Result | Successful or Failed | "Successful" | Successful
Object Name | | Object Name | DC=Logistics,DC=corp
Object Type | | Object Type | SAM_DOMAIN
Whom | | - |