Windows Security Log Event ID 610

Operating Systems	Windows Server 2000 Windows 2003 and XP
Category	Policy Change
Type	Success
Corresponding events in Windows 2008 and Vista	4706

610: New Trusted Domain

On this page

Description of this event
Field level details
Examples
Mini-seminars on this event

This event varies depending on the OS.

Win2000

This event gets logged twice (duplicate) by the domain controller. The DC also logs an event 620 along with this event. The DC logs this event for both new trusted and trusting domains. There is no way to make a distinction.

If directory service access auditing is turned on, the DC also logs an event 565 (object opened) where the object service is DS and the object type is trustedDomain. Trusted/trusting domain is not identified.

See also event IDs 611 and 620.

Win2003

Unlike Windows 2000, Windows Server 2003 only logs this event once for each new trust. Although the description says "new *trusted* domain" this event gets logged for both trusted and trusting relationships. Note trust type, trust direction, etc. in descripiton.

Also accompanying this is an event ID 565 - if directory service auditing is turned on. 565 identifies the event as a "creat child", trustedDomain event and supplies the distinquished name of the new domain (e.g. CN=SouthAmerica, CN=System,DC=elm, DC=local)

Trust Directions
1 - Trusted (the domain where this event was logged accepts the identity of users of the new domain)
2 - Trusting ( (the new domain accepts the identity of users of the domain where this event was logged)
3 - 2-way (mutual trust)

Trust Type and Attributes refer to whether the trust relationship is an NT 4.0 legacy trust, Kerberos realm trust or a forest or domain trust with another active directory domain and whether the trust is transitive or not.

SID filtering involves whether SID history from the external domain is used in the local domain.
See also event IDs 611 and 620.

Free Security Log Resources by Randy

Description Fields in 610

New Trusted Domain:
Domain Name:
Domain ID:
Established By:
User Name:
Domain: (domain of the user that made the change)
Logon ID:

Windows server 2003 adds the following fields:

Trust Type:
Trust Direction:
Trust Attributes:
SID Filtering:

Setup PowerShell Audit Log Forwarding in 4 Minutes

Examples of 610

Win2000

New Trusted Domain:
Domain Name:Europe
Domain ID:-
Established By:
User Name:administrator
Domain:ELMW2
Logon ID:(0x0,0x804C2)

Win2003

New Trusted Domain:
Domain Name:SouthAmerica
Domain ID:-
Established By:
User Name:administrator
Domain:ELM
Logon ID:(0x0,0x158EB7)
Trust Type:3
Trust Direction:2
Trust Attributes:1
SID Filtering:Disabled

Top 10 Windows Security Events to Monitor

Free Tool for Windows Event Collection

Mini-Seminars Covering Event ID 610

Building a Security Dashboard for Your Senior Executives

Upcoming Webinars

Additional Resources

Encyclopedia

•	Event IDs
•	All Event IDs
•	Audit Policy

Go To Event ID:

Must be a 1-5 digit number No such event ID

Security Log
Quick Reference
Chart
Download now!

User name:
Password:
	/ Forgot?
	Register

April 2024 Patch Tuesday	"Patch Tuesday - One Zero Day and Record Number of Patches! " - sponsored by LOGbinder

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2024 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.