deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-06-05 17:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/security/threat-protection/auditing/audit-detailed-directory-service-replication.md
martyav 4fad70bde0 items through 224 reviewed
2020-01-02 17:21:45 -05:00

3.2 KiB
Raw Blame History

title, description, ms.assetid, ms.reviewer, manager, ms.author, ms.pagetype, ms.prod, ms.mktglfcycl, ms.sitesec, ms.localizationpriority, author, ms.date
title description ms.assetid ms.reviewer manager ms.author ms.pagetype ms.prod ms.mktglfcycl ms.sitesec ms.localizationpriority author ms.date
Audit Detailed Directory Service Replication (Windows 10) The Audit Detailed Directory Service Replication setting decides if audit events contain detailed tracking info about data replicated between domain controllers 1b89c8f5-bce7-4b20-8701-42585c7ab993 dansimp dansimp security w10 deploy library none dansimp 04/19/2017

Audit Detailed Directory Service Replication

Applies to

  • Windows 10
  • Windows Server 2016

Audit Detailed Directory Service Replication determines whether the operating system generates audit events that contain detailed tracking information about data that is replicated between domain controllers.

This audit subcategory can be useful to diagnose replication issues.

Event volume: These events can create a very high volume of event data on domain controllers.

Computer Type General Success General Failure Stronger Success Stronger Failure Comments
Domain Controller No No IF IF IF - Events in this subcategory typically have an informational purpose and it is difficult to detect any malicious activity using these events. Its mainly used for Active Directory replication troubleshooting.
Member Server No No No No This subcategory makes sense only on domain controllers.
Workstation No No No No This subcategory makes sense only on domain controllers.

Events List:

  • 4928(S, F): An Active Directory replica source naming context was established.

  • 4929(S, F): An Active Directory replica source naming context was removed.

  • 4930(S, F): An Active Directory replica source naming context was modified.

  • 4931(S, F): An Active Directory replica destination naming context was modified.

  • 4934(S): Attributes of an Active Directory object were replicated.

  • 4935(F): Replication failure begins.

  • 4936(S): Replication failure ends.

  • 4937(S): A lingering object was removed from a replica.