Windows Security Log Event ID 4929

Operating Systems	Windows 2008 R2 and 7 Windows 2012 R2 and 8.1 Windows 2016 and 10 Windows Server 2019 and 2022
Category • Subcategory	Directory Service • Detailed Directory Service Replication
Type	Success
Corresponding events in Windows 2003 and before

4929: An Active Directory replica source naming context was removed

On this page

Description of this event
Field level details
Examples

Directory Service replication ~~has little to no security relevance. I recommend disabling these 2 subcategories:~~

~~Directory Service Replication~~
~~Detailed Directory Service Replication~~

Since DCSync and DCShadow have come out I've changed my mind about the above statement. Check out this webinar AD Attack Deep Dive: Gaining Persistence using DCSync and DCShadow with Mimikatz

Free Security Log Resources by Randy

Supercharger Free Edition

Your entire Windows Event Collection environment on a single pane of glass.

Free.

Examples of 4929

An Active Directory replica source naming context was removed.

Destination DRA: %1
Source DRA: %2
Source Address: %3
Naming Context: %4
Options: %5
Status Code: %6

Top 10 Windows Security Events to Monitor

Free Tool for Windows Event Collection

Upcoming Webinars

Additional Resources

Encyclopedia

•	Event IDs
•	All Event IDs
•	Audit Policy

Go To Event ID:

Must be a 1-5 digit number No such event ID

Security Log
Quick Reference
Chart
Download now!

User name:
Password:
	/ Forgot?
	Register

July 2024 Patch Tuesday	"Patch Tuesday - Four Zero Days " - sponsored by Supercharger for Windows Event Collection

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2024 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.