Event ID 4662

An operation was performed on an object 

An operation was performed on an object.

Subject :
    Security ID:        %1
    Account Name:       %2
    Account Domain:     %3
    Logon ID:           %4

Object:
    Object Server:      %5
    Object Type:        %6
    Object Name:        %7
    Handle ID:          %9

Operation:
    Operation Type:     %8
    Accesses:           %10
    Access Mask:        %11
    Properties:         %12

Additional Information:
    Parameter 1:        %13
    Parameter 2:        %14


Auditing:     Conditional

Auditing is generally only recommended for AD replication troubleshooting or more detailed monitoring.


Volume:     High Very High


Microsoft Documentation

Event ID - 4662



Name Field Insertion String OS Example
Security ID SubjectUserSid %1 Any CORP\first.last
Account Name SubjectUserName %2 Any first.last
Account Domain SubjectDomainName %3 Any CORP
Logon ID SubjectLogonId %4 Any 0x35867
Object Server ObjectServer %5 Any DS
Object Type ObjectType %6 Any computer
Object Name ObjectName %7 Any CN=MyComputer,CN=Users,DC=sierraclub,DC=local
Operation Type OperationType %8 Any Object Access
Handle ID HandleId %9 Any 0x0
Accesses AccessList %10 Any DELETE
Access Mask AccessMask %11 Any View Codes
Properties Properties %12 Any DELETE {b845b74-0d6b-9a34-b873-00aa003049a1
Parameter 1 AdditionalInfo %13 Any -
Paramater 2 Additional Info2 %14 Any

Lookup Audit Policy Configuration Settings

C:\> AuditPol.exe /get /subcategory:"Directory Service Access"
How to enable Windows Auditing
Recommended Audit Policy

Operating Systems:
Windows 2008 Windows 7 Windows 2008 R2 Windows 8 Windows 2012 Windows 8.1 Windows 2012 R2 Windows 10 Windows 2016 Windows 2019 Windows 2022

Tags:
Domain Controller Audit Success Audit Failure
Audit Category:
DS Access

Audit Subcategory:
Directory Service Access
Legacy Events:
566

Correlated Events:
4624 4661

LEFT/RIGHT arrow keys for navigation

Back to List