ADWS
10 events across 1 channel
| Event ID | Title | Channel |
|---|---|---|
| 1000 | Active Directory Web Services is starting. | Active Directory Web Services |
| 1004 | Active Directory Web Services has successfully started and is now accepting … | Active Directory Web Services |
| 1006 | Active Directory Web Services is advertising. | Active Directory Web Services |
| 1008 | Active Directory Web Services has successfully reduced its security privileges. | Active Directory Web Services |
| 1100 | The values specified in the <appsettings> section of the configuration file for … | Active Directory Web Services |
| 1200 | Active Directory Web Services is now servicing the specified directory instance. | Active Directory Web Services |
| 1202 | This computer is now hosting the specified directory instance, but Active … | Active Directory Web Services |
| 1206 | Active Directory Web Services | |
| 1400 | Active Directory Web Services could not find a server certificate with the … | Active Directory Web Services |
| 1401 | Active Directory Web Services |
Event ID 1000 — Active Directory Web Services is starting.
#Example Event #
{
"system": {
"provider": "ADWS",
"guid": "",
"event_source_name": "",
"event_id": 1000,
"version": 0,
"level": 4,
"task": 1,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2022-04-07T16:53:33.218560+00:00",
"event_record_id": 18,
"correlation": {},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Active Directory Web Services",
"computer": "WIN-FPV0DSIC9O6.lab.local",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": "Active Directory Web Services is starting."
}
References #
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 1004 — Active Directory Web Services has successfully started and is now accepting requests.
#Example Event #
{
"system": {
"provider": "ADWS",
"guid": "",
"event_source_name": "",
"event_id": 1004,
"version": 0,
"level": 4,
"task": 1,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2022-04-07T16:55:13.656546+00:00",
"event_record_id": 25,
"correlation": {},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Active Directory Web Services",
"computer": "WIN-FPV0DSIC9O6.lab.local",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": "Active Directory Web Services has successfully started and is now accepting requests."
}
References #
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 1006 — Active Directory Web Services is advertising.
#Example Event #
{
"system": {
"provider": "ADWS",
"guid": "",
"event_source_name": "",
"event_id": 1006,
"version": 0,
"level": 4,
"task": 1,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2022-04-07T16:55:13.656546+00:00",
"event_record_id": 24,
"correlation": {},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Active Directory Web Services",
"computer": "WIN-FPV0DSIC9O6.lab.local",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": "Active Directory Web Services is advertising."
}
References #
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 1008 — Active Directory Web Services has successfully reduced its security privileges.
#Example Event #
{
"system": {
"provider": "ADWS",
"guid": "",
"event_source_name": "",
"event_id": 1008,
"version": 0,
"level": 4,
"task": 1,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2022-04-07T16:53:41.578058+00:00",
"event_record_id": 20,
"correlation": {},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Active Directory Web Services",
"computer": "WIN-FPV0DSIC9O6.lab.local",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": "Active Directory Web Services has successfully reduced its security privileges."
}
References #
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 1100 — The values specified in the <appsettings> section of the configuration file for Active Directory Web Services have been loaded without errors.
#Example Event #
{
"system": {
"provider": "ADWS",
"guid": "",
"event_source_name": "",
"event_id": 1100,
"version": 0,
"level": 4,
"task": 2,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2022-04-07T16:54:38.719082+00:00",
"event_record_id": 22,
"correlation": {},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Active Directory Web Services",
"computer": "WIN-FPV0DSIC9O6.lab.local",
"security": {
"user_id": ""
}
},
"event_data": {},
"message": "The values specified in the <appsettings> section of the configuration file for Active Directory Web Services have been loaded without errors."
}
References #
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 1200 — Active Directory Web Services is now servicing the specified directory instance.
#Fields #
| Name | Description |
|---|---|
Data | — |
Example Event #
{
"system": {
"provider": "ADWS",
"guid": "",
"event_source_name": "",
"event_id": 1200,
"version": 0,
"level": 4,
"task": 3,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2022-04-07T17:00:49.519334+00:00",
"event_record_id": 32,
"correlation": {},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Active Directory Web Services",
"computer": "WIN-FPV0DSIC9O6.lab.local",
"security": {
"user_id": ""
}
},
"event_data": {
"Data": [
"GC",
"3268",
"3269"
]
},
"message": "Active Directory Web Services is now servicing the specified directory instance.\n\r\n\n\r\nDirectory instance: GC\n\r\nDirectory instance LDAP port: 3268\n\r\nDirectory instance SSL port: 3269\n"
}
References #
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 1202 — This computer is now hosting the specified directory instance, but Active Directory Web Services could not service it.
#Fields #
| Name | Description |
|---|---|
Data | — |
Example Event #
{
"system": {
"provider": "ADWS",
"guid": "",
"event_source_name": "",
"event_id": 1202,
"version": 0,
"level": 2,
"task": 3,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2022-04-07T16:59:51.452547+00:00",
"event_record_id": 30,
"correlation": {},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Active Directory Web Services",
"computer": "WIN-FPV0DSIC9O6.lab.local",
"security": {
"user_id": ""
}
},
"event_data": {
"Data": [
"NTDS",
"389",
"636"
]
},
"message": "This computer is now hosting the specified directory instance, but Active Directory Web Services could not service it. Active Directory Web Services will retry this operation periodically.\n\r\n\n\r\nDirectory instance: NTDS\n\r\nDirectory instance LDAP port: 389\n\r\nDirectory instance SSL port: 636\n"
}
References #
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 1206 —
Fields #
| Name | Description |
|---|---|
Data_0 | — |
Binary | — |
Example Event #
{
"system": {
"provider": "ADWS",
"guid": "",
"event_source_name": "",
"event_id": 1206,
"version": 0,
"level": 2,
"task": 3,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-03-13T19:41:55.394292+00:00",
"event_record_id": 68,
"correlation": {},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Active Directory Web Services",
"computer": "LAB-DC01.ludus.domain",
"security": {
"user_id": ""
}
},
"event_data": {
"Data_0": "",
"Binary": ""
},
"message": ""
}
Event ID 1400 — Active Directory Web Services could not find a server certificate with the specified certificate name.
#Fields #
| Name | Description |
|---|---|
Data | — |
Example Event #
{
"system": {
"provider": "ADWS",
"guid": "",
"event_source_name": "",
"event_id": 1400,
"version": 0,
"level": 4,
"task": 5,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2022-04-07T16:54:00.718478+00:00",
"event_record_id": 21,
"correlation": {},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Active Directory Web Services",
"computer": "WIN-FPV0DSIC9O6.lab.local",
"security": {
"user_id": ""
}
},
"event_data": {
"Data": [
"WIN-FPV0DSIC9O6.lab.local"
]
},
"message": "Active Directory Web Services could not find a server certificate with the specified certificate name. A certificate is required to use SSL/TLS connections. To use SSL/TLS connections, verify that a valid server authentication certificate from a trusted Certificate Authority (CA) is installed on the machine.\n\r\n\n\r\nCertificate name: WIN-FPV0DSIC9O6.lab.local\n"
}
References #
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 1401 —
Fields #
| Name | Description |
|---|---|
Data_0 | — |
Binary | — |
Example Event #
{
"system": {
"provider": "ADWS",
"guid": "",
"event_source_name": "",
"event_id": 1401,
"version": 0,
"level": 4,
"task": 5,
"opcode": 0,
"keywords": 36028797018963968,
"time_created": "2026-03-13T21:48:17.991614+00:00",
"event_record_id": 80,
"correlation": {},
"execution": {
"process_id": 0,
"thread_id": 0
},
"channel": "Active Directory Web Services",
"computer": "LAB-DC01.ludus.domain",
"security": {
"user_id": ""
}
},
"event_data": {
"Data_0": "LAB-DC01.ludus.domain",
"Binary": ""
},
"message": ""
}