Windows Security Log Events by ID: Event ID 566

Windows Security Log Events by ID

look up more events by Event ID or Category

Event ID

566

Title

Object Operation (W3 Active Directory)

Type:

Example:

Randy's Comments:

Success
Failure

OS:

Windows 2003

Category:

Directory Service

p>Object Operation:
Object Server:DS
Operation Type:Object Access
Object Type:user
Object Name:CN=test,DC=elm,DC=local
Handle ID:-
Primary User Name:W3DC$
Primary Domain:ELM
Primary Logon ID:(0x0,0x3E7)
Client User Name:administrator
Client Domain:ELM
Client Logon ID:(0x0,0x158EB7)
Accesses:Write Property

Properties:
Write Property
Public Information
sn
user

Additional Info:
Additional Info2:
Access Mask:0x20

Whereas event 565 logs the permissions requested by user/program, event 566 logs the permissions actually exercised by the user/program after opening it. While an object may accessed several times during the same open, Windows only logs event 566 the first time a given permission is actually exercised. This event is similar to 567 but is limited to Active Directory object accesses.

This event is part of operation based auditing which is new to W3.

You will only see event 566 on domain controllers.

Top 10 Most Important Events to Monitor

Windows Security Log Events by ID

566

Object Operation (W3 Active Directory)

Upcoming Webinars by Randy Franklin Smith

Additional Links