Windows Security Log Event ID 4928

Operating Systems	Windows 2008 R2 and 7 Windows 2012 R2 and 8.1 Windows 2016 and 10 Windows Server 2019
Category • Subcategory	Directory Service • Directory Service Replication
Type	Success
Corresponding events in Windows 2003 and before

Discussions on Event ID 4928

Ask a question about this event

4928: An Active Directory replica source naming context was established

On this page

Description of this event
Field level details
Examples
Discuss this event
Mini-seminars on this event

Directory Service replication ~~has little to no security relevance. I recommend disabling these 2 subcategories:~~

~~Directory Service Replication~~
~~Detailed Directory Service Replication~~

Since DCSync and DCShadow have come out I've changed my mind about the above statement. Check out this webinar AD Attack Deep Dive: Gaining Persistence using DCSync and DCShadow with Mimikatz

Free Security Log Resources by Randy

Supercharger Enterprise

Examples of 4928

An Active Directory replica source naming context was established.

Destination DRA: CN=NTDS Settings,CN=WIN-R9H529RIO4Y,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=acme-fr,DC=local
Source DRA: CN=NTDS Settings,CN=WIN-857ZZX6RQHL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=acme-fr,DC=local
Source Address: 0b63afed-1e41-43a3-8bc2-f33dc33942ea._msdcs.acme-fr.local
Naming Context: DC=acme-fr,DC=local
Options: 352
Status Code: 0

Keep me up-to-date on the Windows Security Log.
Email*:
*We will NOT share this

Top 10 Windows Security Events to Monitor

Free Tool for Windows Event Collection

Discussions on Event ID 4928

Ask a question about this event

Upcoming Webinars

Additional Resources

Encyclopedia

•	All Event IDs
•	Audit Policy

Go To Event ID:

Security Log
Quick Reference
Chart
Download now!

User name:
Password:
	/ Forgot?
	Register

June 2019 Patch Monday	"Patch Monday: Firefox Zero Day Attacked " - sponsored by LOGbinder

Follow @randyfsmith

Home

Follow @randyfsmith

About | Newsletter | Contact

Ultimate Windows Security is a division of Monterey Technology Group, Inc. ©2006-2019 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.