ID |
Event Description |
4720
|
A user account was created
ISO 27001:2013, NIST SP 800-53, Audit Success, PCI-DSS, NIST 800-171, CMMC L1
|
4722
|
A user account was enabled
ISO 27001:2013, NIST SP 800-53, NIST 800-171, Audit Success, PCI-DSS, CMMC L1
|
4723
|
An attempt was made to change an account's password
Audit Success, Audit Failure, CJIS
|
4724
|
An attempt was made to reset an account's password
Audit Failure, Audit Success, CJIS, ISO 27001:2013
|
4725
|
A user account was disabled
ISO 27001:2013, NIST 800-171, NIST SP 800-53, Audit Success, PCI-DSS, CMMC L1
|
4726
|
A user account was deleted
ISO 27001:2013, NIST 800-171, NIST SP 800-53, Audit Success, PCI-DSS, CMMC L1
|
4727
|
A security-enabled global group was created
Domain Controller
|
4728
|
A member was added to a security-enabled global group
Domain Controller, ISO 27001:2013, NIST 800-171, NIST SP 800-53, CMMC L1
|
4729
|
A member was removed from a security-enabled global group
Domain Controller
|
4730
|
A security-enabled global group was deleted
Domain Controller
|
4731
|
A security-enabled local group was created
Audit Success
|
4732
|
A member was added to a security-enabled local group
ISO 27001:2013, NIST 800-171, NIST SP 800-53, Audit Success, CMMC L1
|
4733
|
A member was removed from a security-enabled local group
Audit Success
|
4734
|
A security-enabled local group was deleted
Audit Success
|
4735
|
A security-enabled local group was changed
Audit Success
|
4737
|
A security-enabled global group was changed
Domain Controller
|
4738
|
A user account was changed
ISO 27001:2013, NIST 800-171, NIST SP 800-53, Audit Success, CMMC L1
|
4740
|
A user account was locked out
ISO 27001:2013, NIST 800-171, NIST SP 800-53, Audit Success, CMMC L3
|
4741
|
A computer account was created
Domain Controller, Audit Success
|
4742
|
A computer account was changed
Domain Controller, Audit Success
|
4743
|
A computer account was deleted
Domain Controller, Audit Success
|
4744
|
A security-disabled local group was created
|
4745
|
A security-disabled local group was changed
|
4746
|
A member was added to a security-disabled local group
|
4747
|
A member was removed from a security-disabled local group
|
4748
|
A security-disabled local group was deleted
|
4749
|
A security-disabled global group was created
Domain Controller, Audit Success
|
4750
|
A security-disabled global group was changed
Domain Controller, Audit Success
|
4751
|
A member was added to a security-disabled global group
Domain Controller, Audit Success
|
4752
|
A member was removed from a security-disabled global group
Domain Controller, Audit Success
|
4753
|
A security-disabled global group was deleted
Domain Controller, Audit Success
|
4754
|
A security-enabled universal group was created
Domain Controller
|
4755
|
A security-enabled universal group was changed
Domain Controller
|
4756
|
A member was added to a security-enabled universal group
Domain Controller, ISO 27001:2013
|
4757
|
A member was removed from a security-enabled universal group
Domain Controller
|
4758
|
A security-enabled universal group was deleted
Domain Controller
|
4759
|
A security-disabled universal group was created
Domain Controller
|
4760
|
A security-disabled universal group was changed
Domain Controller
|
4761
|
A member was added to a security-disabled universal group
Domain Controller
|
4762
|
A member was removed from a security-disabled universal group
Domain Controller
|
4763
|
A security-disabled universal group was deleted
Domain Controller
|
4764
|
A group’s type was changed
Domain Controller, Audit Success
|
4765
|
SID History was added to an account
Domain Controller, Audit Success
|
4766
|
An attempt to add SID History to an account failed
Domain Controller, Audit Failure
|
4767
|
A user account was unlocked
ISO 27001:2013, Audit Success
|
4780
|
The ACL was set on accounts which are members of administrators groups
Domain Controller, Audit Success
|
4781
|
The name of an account was changed
Audit Success
|
4782
|
The password hash an account was accessed
Domain Controller, Audit Success
|
4783
|
A basic application group was created
Domain Controller, Audit Success
|
4784
|
A basic application group was changed
Domain Controller, Audit Success
|
4785
|
A member was added to a basic application group
Domain Controller, Audit Success
|
4786
|
A member was removed from a basic application group
Domain Controller, Audit Success
|
4787
|
A non-member was added to a basic application group
Domain Controller, Audit Success
|
4788
|
A non-member was removed from a basic application group
Domain Controller, Audit Success
|
4789
|
A basic application group was deleted
Domain Controller, Audit Success
|
4790
|
An LDAP query group was created
Domain Controller, Audit Success
|
4791
|
A basic application group was changed
Domain Controller, Audit Success
|
4792
|
An LDAP query group was deleted
Domain Controller, Audit Success
|
4793
|
The Password Policy Checking API was called
Domain Controller, Audit Success
|
4794
|
An attempt was made to set the Directory Services Restore Mode administrator password
Domain Controller, Audit Success, Audit Failure
|
4797
|
An attempt was made to query the existence of a blank password for an account
|
4798
|
A user's local group membership was enumerated
Audit Success
|
4799
|
A security-enabled local group membership was enumerated
Audit Success
|
5376
|
Credential Manager credentials were backed up.
Audit Success
|
5377
|
Credential Manager credentials were restored from a backup.
Audit Success
|
624
|
User Account Created
|
626
|
User Account Enabled
|
627
|
Change Password Attempt
|
628
|
User Account password set
|
629
|
User Account Disabled
|
630
|
User Account Deleted
|
631
|
Security Enabled Global Group Created
|
632
|
Security Enabled Global Group Member Added
|
633
|
Security Enabled Global Group Member Removed
|
634
|
Security Enabled Global Group Deleted
|
635
|
Security Enabled Local Group Created
|
636
|
Security Enabled Local Group Member Added
|
637
|
Security Enabled Local Group Member Removed
|
638
|
Security Enabled Local Group Deleted
|
639
|
Security Enabled Local Group Changed
|
640
|
General Account Database Change
|
641
|
Security Enabled Global Group Changed
|
642
|
User Account Changed
|
643
|
Domain Policy Changed
|
644
|
User Account Locked Out
|
645
|
Computer Account Created
|
646
|
Computer Account Changed
|
647
|
Computer Account Deleted
|
648
|
Security Disabled Local Group Created
|
649
|
Security Disabled Local Group Changed
|
650
|
Security Disabled Local Group Member Added
|
651
|
Security Disabled Local Group Member Removed
|
652
|
Security Disabled Local Group Deleted
|
653
|
Security Disabled Global Group Created
|
654
|
Security Disabled Global Group Changed
|
655
|
Security Disabled Global Group Member Added
|
656
|
Security Disabled Global Group Member Removed
|
657
|
Security Disabled Global Group Deleted
|
658
|
Security Enabled Universal Group Created
|
659
|
Security Enabled Universal Group Changed
|
660
|
Security Enabled Universal Group Member Added
|
661
|
Security Enabled Universal Group Member Removed
|
662
|
Security Enabled Universal Group Deleted
|
663
|
Security Disabled Universal Group Created
|
664
|
Security Disabled Universal Group Changed
|
665
|
Security Disabled Universal Group Member Added
|
666
|
Security Disabled Universal Group Member Removed
|
667
|
Security Disabled Universal Group Deleted
|
668
|
Group Type Changed
|
669
|
Add SID History
|
670
|
Add SID History
|
671
|
User Account Unlocked
|
684
|
Set ACLs of members in administrators groups
|
685
|
Account Name Changed
|
686
|
Password of the following user accessed
|
687
|
Basic Application Group Created
|
688
|
Basic Application Group Changed
|
689
|
Basic Application Group Member Added
|
690
|
Basic Application Group Member Removed
|
691
|
Basic Application Group Non-Member Added
|
692
|
Basic Application Group Non-Member Removed
|
693
|
Basic Application Group Deleted
|
694
|
LDAP Query Group Created
|
695
|
LDAP Query Group Changed
|
696
|
LDAP Query Group Deleted
|
697
|
Password Policy Checking API is called
|
698
|
An attempt to set the Directory Services Restore Mode administrator password has been made
|
699
|
RODC SpecifiC Local Group Member Added
|