Windows Security Log Event ID 610

Operating Systems Windows Server 2000
Windows 2003 and XP
CategoryPolicy Change
Type Success
Corresponding events
in Windows 2008
and Vista
4706  
Discussions on Event ID 610
Ask a question about this event

610: New Trusted Domain

On this page

This event varies depending on the OS.

Win2000

This event gets logged twice (duplicate) by the domain controller. The DC also logs an event 620 along with this event. The DC logs this event for both new trusted and trusting domains. There is no way to make a distinction.

If directory service access auditing is turned on, the DC also logs an event 565 (object opened) where the object service is DS and the object type is trustedDomain. Trusted/trusting domain is not identified.

See also event IDs 611 and 620.

Win2003

Unlike Windows 2000, Windows Server 2003 only logs this event once for each new trust. Although the description says "new *trusted* domain" this event gets logged for both trusted and trusting relationships. Note trust type, trust direction, etc. in descripiton.

Also accompanying this is an event ID 565 - if directory service auditing is turned on. 565 identifies the event as a "creat child", trustedDomain event and supplies the distinquished name of the new domain (e.g. CN=SouthAmerica, CN=System,DC=elm, DC=local)

Trust Directions
1 - Trusted (the domain where this event was logged accepts the identity of users of the new domain)
2 - Trusting ( (the new domain accepts the identity of users of the domain where this event was logged)
3 - 2-way (mutual trust)

Trust Type and Attributes refer to whether the trust relationship is an NT 4.0 legacy trust, Kerberos realm trust or a forest or domain trust with another active directory domain and whether the trust is transitive or not.

SID filtering involves whether SID history from the external domain is used in the local domain.
See also event IDs 611 and 620.

Free Security Log Resources by Randy

Description Fields in 610

  • New Trusted Domain:
  • Domain Name:
  • Domain ID:
  • Established By:
  • User Name:
  • Domain: (domain of the user that made the change)
  • Logon ID:

Windows server 2003 adds the following fields:

  • Trust Type:
  • Trust Direction:
  • Trust Attributes:
  • SID Filtering:

Supercharger Free Edition


Your entire Windows Event Collection environment on a single pane of glass.

Free.

 

Examples of 610

Win2000

New Trusted Domain:
Domain Name:Europe
Domain ID:-
Established By:
User Name:administrator
Domain:ELMW2
Logon ID:(0x0,0x804C2)

Win2003

New Trusted Domain:
Domain Name:SouthAmerica
Domain ID:-
Established By:
User Name:administrator
Domain:ELM
Logon ID:(0x0,0x158EB7)
Trust Type:3
Trust Direction:2
Trust Attributes:1
SID Filtering:Disabled

Keep me up-to-date on the Windows Security Log.
Email*:
*We will NOT share this

Top 10 Windows Security Events to Monitor

Free Tool for Windows Event Collection



 

Additional Resources