I've been searching for information relating to auditing of Active Directory (AD) access. When Directory service access auditing is turned on, various events are produced (e.g. 563, 565, etc.) to log the action taken by the account making the call. To date, I have been unable to locate any information regarding the "Object Type" and "Object Name" fields reported in the logs (see sample below). So I thought I'd ask the list just in case anyone has run across this type of information. If you have, I'd appreciate an email.

SEC,6/1/2004,23:55:30,Security,565,Success,Directory Service Access ,TDomain\administrator,DC01,Object Open:^` Object Server: DS^` Object Type: {19195a5b-6da0-11d0-afd3-00c04fd930c9}^` Object Name: {aa687b49-3737-4053-ab8b-c6216ff20e04}^` New Handle ID: 0^` Operation ID: {0 7375296}^` Process ID: 308^` Primary User Name: DC01$^` Primary Domain: TDomain^` Primary Logon ID: (0x0 0x3E7)^` Client User Name: administrator^` Client Domain: DC01^` Client Logon ID: (0x0 0xE4BF)^` Accesses Control Access ^` ^` Privileges -^`^` Properties:^`Control Access ^` {1131f6ac-9c07-11d1-f79f-00c04fc2dcd2}^`^`

Thanks
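Added example, not part of the original post: a Python parser for the `^`-delimited event 565 description shown above that pulls out the "Object Type", "Object Name" and "Properties" GUIDs and resolves them through a lookup table. The function names are hypothetical, and the two table entries are the names the stock AD schema gives those GUIDs (a class's schemaIDGUID and an extended right's rightsGuid); they are supplied here as an assumption, not stated in the post, so check them against your own schema and Extended-Rights container.

```python
import re

# Constructed sample: the description field from the post, shortened.
SAMPLE = ("Object Open:^` Object Server: DS^` "
          "Object Type: {19195a5b-6da0-11d0-afd3-00c04fd930c9}^` "
          "Object Name: {aa687b49-3737-4053-ab8b-c6216ff20e04}^` "
          "Client User Name: administrator^` Accesses Control Access ^` ^` "
          "Properties:^`Control Access ^` {1131f6ac-9c07-11d1-f79f-00c04fc2dcd2}^`^`")

GUID_RE = re.compile(
    r"\{?([0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})\}?")

# Assumed lookup table (stock AD schema names); extend it from your own forest.
KNOWN_GUIDS = {
    "19195a5b-6da0-11d0-afd3-00c04fd930c9": "class domainDNS (schemaIDGUID)",
    "1131f6ac-9c07-11d1-f79f-00c04fc2dcd2":
        "extended right DS-Replication-Manage-Topology (rightsGuid)",
}

def parse_description(desc):
    """Split the description into {field: value}; GUIDs after 'Properties:' go in a list."""
    desc = desc.replace("\\{", "{").replace("\\}", "}")  # undo RTF brace escapes
    head, _, props = desc.partition("Properties:")
    fields = {}
    for chunk in head.split("^`"):
        key, sep, value = chunk.strip().partition(":")
        if sep and key:                 # chunks without "name: value" are skipped
            fields[key.strip()] = value.strip()
    fields["Properties"] = [g.lower() for g in GUID_RE.findall(props)]
    return fields

def resolve(value, table=KNOWN_GUIDS):
    """Map a GUID to a name; non-GUID values (e.g. a DN) are returned unchanged."""
    m = GUID_RE.fullmatch(value.strip())
    if not m:
        return value
    guid = m.group(1).lower()
    return table.get(guid, "unresolved GUID " + guid)

def summarize(desc):
    """Reduce one event description to who touched what, with GUIDs resolved."""
    f = parse_description(desc)
    return {
        "user": f.get("Client User Name"),
        "object_type": resolve(f.get("Object Type", "")),
        "object_name": resolve(f.get("Object Name", "")),
        "properties": [resolve(g) for g in f["Properties"]],
    }
```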
This archive was generated by hypermail 2b30 : Wed Jun 02 2004 - 17:53:41 PDT