Windows Security Log Events by ID: Event ID 565 on Windows 2003

Windows Security Log Events by ID

look up more events by Event ID or Category

Event ID

565

Title

Object Open (W3 Active Directory)

Type:

Example:

Randy's Comments:

Success

OS:

Windows 2003

Category:

Directory Service

Object Open:
Object Server:Security Account Manager
Object Type:SAM_USER
Object Name:S-1-5-21-2121316058-685099279-904526279-500
Handle ID:44677624
Operation ID:{0,78919}
Process ID:500
Process Name:C:\WINDOWS\system32\lsass.exe
Primary User Name:W3DC$
Primary Domain:ELM
Primary Logon ID:(0x0,0x3E7)
Client User Name:Administrator
Client Domain:ELM
Client Logon ID:(0x0,0x1342B)
Accesses:DELETE
READ_CONTROL
WRITE_DAC
WRITE_OWNER
ReadGeneralInformation
ReadPreferences
WritePreferences
ReadLogon
ReadAccount
WriteAccount
SetPassword (without knowledge of old password)
ListGroups

Privileges:-

Properties:
---
user
DELETE
READ_CONTROL
WRITE_DAC
WRITE_OWNER
ReadGeneralInformation
ReadPreferences
WritePreferences
ReadLogon
ReadAccount
WriteAccount
SetPassword (without knowledge of old password)
ListGroups
General Information
codePage
countryCode
objectSid
primaryGroupID
sAMAccountName
comment
displayName
Account Restrictions
accountExpires
pwdLastSet
userAccountControl
userParameters
Logon Information
badPwdCount
homeDirectory
homeDrive
lastLogoff
lastLogon
logonCount
logonHours
logonWorkstation
profilePath
scriptPath
Public Information
description
Group Membership
memberOf
Change Password
Reset Password
%{7ed84960-ad10-11d0-8a92-00aa006e0529}

Access Mask:0

See event 565 for Windows 2000 for an introduction to this event.

Additional fields are logged for this event by W3 including:

Process Name: name of the executable that accessed the object.

You will only see event 565 on domain controllers.

Top 10 Most Important Events to Monitor

Windows Security Log Events by ID

565

Object Open (W3 Active Directory)

Upcoming Webinars by Randy Franklin Smith

Additional Links