windows-itpro-docs/windows/keep-secure/audit-detailed-directory-service-replication.md
2016-06-02 15:19:58 -07:00


title: Audit Detailed Directory Service Replication (Windows 10)
description: This topic for the IT professional describes the advanced security audit policy setting, Audit Detailed Directory Service Replication, which determines whether the operating system generates audit events that contain detailed tracking information about data that is replicated between domain controllers.
ms.assetid: 1b89c8f5-bce7-4b20-8701-42585c7ab993
ms.pagetype: security
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
author: Mir0sh

Audit Detailed Directory Service Replication

Applies to

  • Windows 10
  • Windows Server 2016

Audit Detailed Directory Service Replication determines whether the operating system generates audit events that contain detailed tracking information about data that is replicated between domain controllers.

This audit subcategory can be useful to diagnose replication issues.

Event volume: These events can create a very high volume of event data on domain controllers.

| Computer Type | General Success | General Failure | Stronger Success | Stronger Failure | Comments |
|---|---|---|---|---|---|
| Domain Controller | No | No | IF | IF | IF - Events in this subcategory typically have an informational purpose and it is difficult to detect any malicious activity using these events. It's mainly used for Active Directory replication troubleshooting. |
| Member Server | No | No | No | No | This subcategory makes sense only on domain controllers. |
| Workstation | No | No | No | No | This subcategory makes sense only on domain controllers. |

Events List:

  • 4928(S, F): An Active Directory replica source naming context was established.

  • 4929(S, F): An Active Directory replica source naming context was removed.

  • 4930(S, F): An Active Directory replica source naming context was modified.

  • 4931(S, F): An Active Directory replica destination naming context was modified.

  • 4934(S): Attributes of an Active Directory object were replicated.

  • 4935(F): Replication failure begins.

  • 4936(S): Replication failure ends.

  • 4937(S): A lingering object was removed from a replica.
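
Because these events are high volume and mainly useful for replication troubleshooting, the following added example (not part of the original topic) enables the subcategory only for a short window on a domain controller, restores the previous setting, and then summarizes the events listed above. Assumptions: an elevated PowerShell session, English-language `auditpol` output, a setting that is not enforced by Group Policy, and a 15-minute window chosen only for illustration.

```powershell
# Added example. Run elevated on a domain controller.
$subcategory   = 'Detailed Directory Service Replication'
$eventIds      = 4928, 4929, 4930, 4931, 4934, 4935, 4936, 4937
$windowMinutes = 15   # assumed troubleshooting window, not a value from this topic

# Capture the current setting (CSV report mode) so it can be restored afterwards.
# Assumes English output: "No Auditing", "Success", "Failure", "Success and Failure".
$before = (auditpol /get /subcategory:"$subcategory" /r |
           Where-Object { $_ } | ConvertFrom-Csv).'Inclusion Setting'
$restoreSuccess = if ($before -match 'Success') { 'enable' } else { 'disable' }
$restoreFailure = if ($before -match 'Failure') { 'enable' } else { 'disable' }
Write-Host "Setting before change: $before"

# Enable Success and Failure auditing for the duration of the window only.
auditpol /set /subcategory:"$subcategory" /success:enable /failure:enable | Out-Null
$start = Get-Date
try {
    # Reproduce or wait for the replication problem during this window.
    Start-Sleep -Seconds ($windowMinutes * 60)
}
finally {
    # Put the original setting back even if the wait is interrupted.
    auditpol /set /subcategory:"$subcategory" `
        /success:$restoreSuccess /failure:$restoreFailure | Out-Null
}

# Collect the subcategory's events generated since auditing was enabled.
# Get-WinEvent raises an error when nothing matches, so suppress it.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = $eventIds
    StartTime = $start
} -ErrorAction SilentlyContinue

# Volume per event ID: shows how much data the window produced.
$events | Group-Object Id | Sort-Object Name |
    Select-Object @{ n = 'EventId'; e = { $_.Name } }, Count | Format-Table -AutoSize

# Replication failures in time order: 4935 marks the start, 4936 the end.
$events | Where-Object { $_.Id -in 4935, 4936 } | Sort-Object TimeCreated |
    Select-Object TimeCreated, Id, Message | Format-List
```

If the advanced audit policy is delivered through Group Policy, the local `auditpol /set` change is overwritten at the next policy refresh, so make the temporary change in the GPO instead.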