Windows Security Log Event ID 4928

Operating Systems Windows 2008 R2 and 7
Windows 2012 R2 and 8.1
Windows 2016 and 10
Category
 • Subcategory
Directory Service
 • Directory Service Replication
Type Success
Corresponding events
in Windows 2003
and before
 
Discussions on Event ID 4928
Ask a question about this event

4928: An Active Directory replica source naming context was established

On this page

Directory Service replication has little to no security relevance.  I recommend disabling these 2 subcategories: 

  • Directory Service Replication
  • Detailed Directory Service Replication

Free Security Log Resources by Randy

Supercharger Enterprise


Load Balancing for Windows Event Collection

 

Examples of 4928

An Active Directory replica source naming context was established.

Destination DRA: CN=NTDS Settings,CN=WIN-R9H529RIO4Y,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=acme-fr,DC=local
Source DRA: CN=NTDS Settings,CN=WIN-857ZZX6RQHL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=acme-fr,DC=local
Source Address: 0b63afed-1e41-43a3-8bc2-f33dc33942ea._msdcs.acme-fr.local
Naming Context: DC=acme-fr,DC=local
Options:  352
Status Code: 0

Keep me up-to-date on the Windows Security Log.
Email*:
*We will NOT share this

Top 10 Windows Security Events to Monitor

Free Tool for Windows Event Collection



 

Additional Resources