Event ID 4790

An LDAP query group was created

An LDAP query group was created.

Subject:
    Security ID:        %4
    Account Name:       %5
    Account Domain:     %6
    Logon ID:       %7

Group:
    Security ID:        %3
    Account Name:       %1
    Account Domain:     %2

Attributes:
    SAM Account Name:   %9
    SID History:        %10

Additional Information:
    Privileges:     %8


Auditing:     Conditional

It's recommended to audit this event when utilizing the Windows Authorization Manager.


Windows Authorization Manager (aka AzMan).

AzMan is considered deprecated as of Windows Server 2012 R2 and may be removed from future versions of Windows.




Lookup Audit Policy Configuration Settings

C:\> AuditPol.exe /get /subcategory:"Application Group Management"



LEFT/RIGHT arrow keys for navigation

Back to List