Windows Security Log Event ID 4931
4931: An Active Directory replica destination naming context was modified
On this page
Directory Service replication has little to no security relevance. I recommend disabling these 2 subcategories:
Directory Service Replication
Detailed Directory Service Replication
Since DCSync and DCShadow have come out I've changed my mind about the above statement. Check out this webinar AD Attack Deep Dive: Gaining Persistence using DCSync and DCShadow with Mimikatz
Free Security Log Resources by Randy
Supercharger Free Edition
Supercharger's built-in Xpath filters leave the noise behind.
Free.
An Active Directory replica destination naming context was modified
Destination DRA: 657aa2e2-f523-48ab-b573-e32d1d27fdd0._msdcs.acme-fr.local
Source DRA: CN=NTDS Settings,CN=WIN-857ZZX6RQHL,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=acme-fr,DC=local
Destination Address: -
Naming Context: DC=ForestDnsZones,DC=acme-fr,DC=local
Options: 23
Status Code: 0
Top 10 Windows Security Events to Monitor
Free Tool for Windows Event Collection