deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-05 00:57:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/security/threat-protection/auditing/audit-detailed-directory-service-replication.md
Daniel Simpson c4e79e54fe mega metadata update
2021-10-28 11:16:23 -07:00

3.1 KiB
Raw Blame History

title, description, ms.assetid, ms.reviewer, manager, ms.author, ms.pagetype, ms.prod, ms.mktglfcycl, ms.sitesec, ms.localizationpriority, author, ms.date, ms.technology
title description ms.assetid ms.reviewer manager ms.author ms.pagetype ms.prod ms.mktglfcycl ms.sitesec ms.localizationpriority author ms.date ms.technology
Audit Detailed Directory Service Replication (Windows 10) The Audit Detailed Directory Service Replication setting decides if audit events contain detailed tracking info about data replicated between domain controllers 1b89c8f5-bce7-4b20-8701-42585c7ab993 dansimp dansimp security m365-security deploy library none dansimp 09/06/2021 windows-sec

Audit Detailed Directory Service Replication

Audit Detailed Directory Service Replication determines whether the operating system generates audit events that contain detailed tracking information about data that is replicated between domain controllers.

This audit subcategory can be useful to diagnose replication issues.

Event volume: These events can create a very high volume of event data on domain controllers.

Computer Type General Success General Failure Stronger Success Stronger Failure Comments
Domain Controller No No IF IF IF - Events in this subcategory typically have an informational purpose and it is difficult to detect any malicious activity using these events. Its mainly used for Active Directory replication troubleshooting.
Member Server No No No No This subcategory makes sense only on domain controllers.
Workstation No No No No This subcategory makes sense only on domain controllers.

Events List:

  • 4928(S, F): An Active Directory replica source naming context was established.

  • 4929(S, F): An Active Directory replica source naming context was removed.

  • 4930(S, F): An Active Directory replica source naming context was modified.

  • 4931(S, F): An Active Directory replica destination naming context was modified.

  • 4934(S): Attributes of an Active Directory object were replicated.

  • 4935(F): Replication failure begins.

  • 4936(S): Replication failure ends.

  • 4937(S): A lingering object was removed from a replica.