Windows Security Log Event ID 4716
Operating Systems |
Windows 2008 R2 and 7
Windows 2012 R2 and 8.1
Windows 2016 and 10
Windows Server 2019 and 2022
|
Category • Subcategory | Policy Change • Authentication Policy Change |
Type
|
Success
|
Corresponding events
in Windows
2003 and before |
620
|
4716: Trusted domain information was modified
On this page
This event is logged for modifications to trust relationships connecting to this domain. While the description says "Trusted" this event applies to both trusted and trusting relationships as documented by Trust Information.
Free Security Log Resources by Randy
Subject:
The ID and logon session of the user that excercised modified the trust.
- Security ID: The SID of the account.
- Account Name: The account logon name.
- Account Domain: The domain or - in the case of local accounts - computer name.
- Logon ID is a semi-unique (unique between reboots) number that identifies the logon session. Logon ID allows you to correlate backwards to the logon event (4624) as well as with other events logged during the same logon session.
Trusted Domain:
The other domain in this trust relationship which despite the word "Trusted" may be a trusting or trusted domain or both. See Trust Information.
- Domain Name: the DNS name of the domain
- Domain ID: the pre-Win2k (NetBIOS) name of the domain
New Trust Information:
All the information that defines the type of trust after this change, whether it is one way or mutual, transitivity, etc.
- Trust Type:
1 |
TRUST_TYPE_DOWNLEVEL |
The other domain is pre-Win2k (NTLM only supported) |
2 |
TRUST_TYPE_UPLEVEL |
The other domain is Win2k or later (Windows Kerberos supported) |
3 |
TRUST_TYPE_MIT |
Other domain is actually an MIT Kerberos Realm (probably UNIX) |
4 |
TRUST_TYPE_DCE |
The trusted domain is a DCE realm |
- Trust Direction:
Disabled |
0x0 |
Inbound |
0x1 |
Outbound |
0x2 |
Bidirectional |
0x3 |
- Trust Attributes: A bitwise value compromised of any of the following
- TRUST_ATTRIBUTE_NON_TRANSITIVE 1
- TRUST_ATTRIBUTE_UPLEVEL_ONLY 2
- TRUST_ATTRIBUTE_FILTER_SIDS 4
- TRUST_ATTRIBUTE_FOREST_TRANSITIVE 8
- SID Filtering: Enabled (always enabled for domains within the same forest). http://technet2.microsoft.com/windowsserver/en/library/01e5cf71-b317-4967-82a2-75b7b632b7461033.mspx?mfr=true
Supercharger Free Edition