Windows Security Log Event ID 610

Operating Systems Windows Server 2000
Windows 2003 and XP
CategoryPolicy Change
Type Success
Corresponding events
in Windows 2008
and Vista
Discussions on Event ID 610
Ask a question about this event

610: New Trusted Domain

On this page

This event varies depending on the OS.


This event gets logged twice (duplicate) by the domain controller. The DC also logs an event 620 along with this event. The DC logs this event for both new trusted and trusting domains. There is no way to make a distinction.

If directory service access auditing is turned on, the DC also logs an event 565 (object opened) where the object service is DS and the object type is trustedDomain. Trusted/trusting domain is not identified.

See also event IDs 611 and 620.


Unlike Windows 2000, Windows Server 2003 only logs this event once for each new trust. Although the description says "new *trusted* domain" this event gets logged for both trusted and trusting relationships. Note trust type, trust direction, etc. in descripiton.

Also accompanying this is an event ID 565 - if directory service auditing is turned on. 565 identifies the event as a "creat child", trustedDomain event and supplies the distinquished name of the new domain (e.g. CN=SouthAmerica, CN=System,DC=elm, DC=local)

Trust Directions
1 - Trusted (the domain where this event was logged accepts the identity of users of the new domain)
2 - Trusting ( (the new domain accepts the identity of users of the domain where this event was logged)
3 - 2-way (mutual trust)

Trust Type and Attributes refer to whether the trust relationship is an NT 4.0 legacy trust, Kerberos realm trust or a forest or domain trust with another active directory domain and whether the trust is transitive or not.

SID filtering involves whether SID history from the external domain is used in the local domain.
See also event IDs 611 and 620.

Free Security Log Resources by Randy

Description Fields in 610

  • New Trusted Domain:
  • Domain Name:
  • Domain ID:
  • Established By:
  • User Name:
  • Domain: (domain of the user that made the change)
  • Logon ID:

Windows server 2003 adds the following fields:

  • Trust Type:
  • Trust Direction:
  • Trust Attributes:
  • SID Filtering:

Supercharger Enterprise


Examples of 610


New Trusted Domain:
Domain Name:Europe
Domain ID:-
Established By:
User Name:administrator
Logon ID:(0x0,0x804C2)


New Trusted Domain:
Domain Name:SouthAmerica
Domain ID:-
Established By:
User Name:administrator
Logon ID:(0x0,0x158EB7)
Trust Type:3
Trust Direction:2
Trust Attributes:1
SID Filtering:Disabled

Keep me up-to-date on the Windows Security Log.
*We will NOT share this

Top 10 Windows Security Events to Monitor

Free Tool for Windows Event Collection


Additional Resources