Event Details
EventID 5136 - A directory service object was modified.
 Sample:
Log Name:      Security
Source:        Microsoft-Windows-Security-Auditing
Date:          10/27/2009 10:16:14 PM
Event ID:      5136
Task Category: Directory Service Changes
Level:         Information
Keywords:      Audit Success
User:          N/A
Computer:      dcc1.Logistics.corp
Description:   
A directory service object was modified.
	
Subject:
	Security ID:		S-1-0-0
	Account Name:		-
	Account Domain:		-
	Logon ID:		0x4ea9d
Directory Service:
	Name:	Logistics.corp
	Type:	Active Directory Domain Services
	
Object:
	DN:	CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=Logistics,DC=corp
	GUID:	{09F06385-049C-4B85-AD8A-3755BECB8792}
	Class:	groupPolicyContainer
	
Attribute:
	LDAP Display Name:	versionNumber
	Syntax (OID):	2.5.5.9
	Value:	65542
	
Operation:
	Type:	Value Deleted
	Correlation ID:	{26178C62-95F6-43B6-934A-683AF7176BDC}
	Application Correlation ID:	-
Log Type: Windows Event Log
 Uniquely Identified By:
Log Name: Security
| Filtering Field | Equals to Value |
|---|---|
| OSVersion | Windows Vista (2008); Windows 7 (2008 R2); Windows 8 (2012); Windows 8.1 (2012 R2); Windows 10 (2016) |
| Category | DS Access |
| Source | Microsoft-Windows-Security-Auditing |
| TaskCategory | Directory Service Changes |
| EventId | 5136 |
Field Matching
| Field | Description | Stored in | Sample Value |
|---|---|---|---|
| When | At what date and time a user activity originated in the system. | DateTime | 10.10.2000 19:00:00 |
| Who | Account or user name under which the activity occurred. | Subject: Account Name | - |
| What | The type of activity that occurred (e.g. Logon, Password Changed, etc.) | "AD Object was modified" | AD Object was modified |
| Where | The name of the workstation/server where the activity was logged. | Computer | DC1 |
| Where From | The name of the workstation/server where the activity was initiated from. | - | 10.10.10.10 |
| Severity | Specify the seriousness of the event. | "Medium" | Medium |
| WhoDomain | | Subject: Account Domain | - |
| WhereDomain | | - | |
| Result | Successful or Failed | "Successful" | Successful |
| Object Name | | Object: DN | CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=Logistics,DC=corp |
| Object Type | | Object: Class | groupPolicyContainer |
| Whom | | - | |
| Object DN | The X.400 distinguished name of the object | InsertionString9 | CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=Logistics,DC=corp |
| Object ID | The globally unique identifier of the object, or the DN | Object: ID | {09F06385-049C-4B85-AD8A-3755BECB8792} |
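Added example, not part of the original page or of any product's code: a Python parser that reads the rendered Description text of the sample event and applies the Field Matching table above. The function names, the abridged SAMPLE text and the extra Attribute and Operation keys are assumptions made for illustration.

```python
import re

# Constructed input: Description text of the sample event above, abridged.
SAMPLE = """A directory service object was modified.
\t
Subject:
\tAccount Name:\t\t-
\tAccount Domain:\t\t-
Object:
\tDN:\tCN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=Logistics,DC=corp
\tGUID:\t{09F06385-049C-4B85-AD8A-3755BECB8792}
\tClass:\tgroupPolicyContainer
Attribute:
\tLDAP Display Name:\tversionNumber
\tValue:\t65542
Operation:
\tType:\tValue Deleted
"""

def parse_description(text):
    """Return {section: {key: value}} for a rendered 5136 description."""
    sections, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue  # blank or tab-only separator lines
        m = re.match(r"^(\S[^:]*):\s*$", line)  # unindented header, e.g. "Subject:"
        if m:
            current = sections.setdefault(m.group(1), {})
        elif current is not None and line[:1].isspace():
            key, _, value = line.strip().partition(":")  # split at the first colon only
            current[key.strip()] = value.strip()
    return sections

def normalize(text, computer):
    """Apply the Field Matching table; constant columns are copied from it."""
    s = parse_description(text)
    return {
        "Who": s["Subject"]["Account Name"],
        "WhoDomain": s["Subject"]["Account Domain"],
        "What": "AD Object was modified",
        "Where": computer,
        "Severity": "Medium",
        "Result": "Successful",
        "Object Name": s["Object"]["DN"],
        "Object Type": s["Object"]["Class"],
        "Object ID": s["Object"]["GUID"],  # the table labels this "Object: ID"
        "Attribute": s["Attribute"]["LDAP Display Name"],  # not in the table
        "Operation": s["Operation"]["Type"],               # not in the table
    }
```

Calling `normalize(SAMPLE, "dcc1.Logistics.corp")` yields one flat record per event, with the changed attribute and operation type kept alongside the mapped fields.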