Microsoft-Windows-ActiveDirectory_DomainService
26 events across 1 channel
| Event ID | Title | Channel |
|---|---|---|
| 1000 | | Directory Service |
| 1004 | | Directory Service |
| 1394 | | Directory Service |
| 1404 | | Directory Service |
| 1463 | | Directory Service |
| 1869 | | Directory Service |
| 1898 | | Directory Service |
| 2013 | | Directory Service |
| 2014 | | Directory Service |
| 2064 | | Directory Service |
| 2065 | | Directory Service |
| 2120 | | Directory Service |
| 2121 | | Directory Service |
| 2168 | | Directory Service |
| 2172 | | Directory Service |
| 2179 | | Directory Service |
| 2405 | | Directory Service |
| 2406 | | Directory Service |
| 2886 | | Directory Service |
| 2961 | | Directory Service |
| 2962 | | Directory Service |
| 3027 | | Directory Service |
| 3033 | | Directory Service |
| 3041 | | Directory Service |
| 3051 | | Directory Service |
| 3054 | | Directory Service |
Event ID 1000 —
Example Event
```yaml
system:
  provider: Microsoft-Windows-ActiveDirectory_DomainService
  guid: '{0e8478c5-3605-4e8c-8497-1e730c959516}'
  event_source_name: NTDS General
  event_id: 1000
  version: 0
  level: 4
  task: 12
  opcode: 0
  keywords: 9259400833873739776
  time_created: '2022-04-07T16:53:16.713907+00:00'
  event_record_id: 104
  correlation: {}
  execution:
    process_id: 664
    thread_id: 844
  channel: Directory Service
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-7
event_data: {}
message: ''
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 1004 —
Example Event
```yaml
system:
  provider: Microsoft-Windows-ActiveDirectory_DomainService
  guid: '{0e8478c5-3605-4e8c-8497-1e730c959516}'
  event_source_name: NTDS General
  event_id: 1004
  version: 0
  level: 4
  task: 12
  opcode: 0
  keywords: 9259400833873739776
  time_created: '2022-04-07T08:38:25.822339+00:00'
  event_record_id: 91
  correlation: {}
  execution:
    process_id: 624
    thread_id: 1376
  channel: Directory Service
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: ''
event_data: {}
message: ''
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 1394 —
Example Event
```yaml
system:
  provider: Microsoft-Windows-ActiveDirectory_DomainService
  guid: '{0e8478c5-3605-4e8c-8497-1e730c959516}'
  event_source_name: NTDS General
  event_id: 1394
  version: 0
  level: 4
  task: 12
  opcode: 0
  keywords: 9259400833873739776
  time_created: '2022-04-07T16:53:46.718824+00:00'
  event_record_id: 105
  correlation: {}
  execution:
    process_id: 664
    thread_id: 820
  channel: Directory Service
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-7
event_data: {}
message: ''
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 1404 —
Example Event
```yaml
system:
  provider: Microsoft-Windows-ActiveDirectory_DomainService
  guid: '{0e8478c5-3605-4e8c-8497-1e730c959516}'
  event_source_name: NTDS Database
  event_id: 1404
  version: 0
  level: 4
  task: 1
  opcode: 0
  keywords: 9259400833873739776
  time_created: '2022-04-07T08:15:15.717005+00:00'
  event_record_id: 54
  correlation: {}
  execution:
    process_id: 648
    thread_id: 2552
  channel: Directory Service
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-7
event_data: {}
message: ''
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 1463 —
Example Event
```yaml
system:
  provider: Microsoft-Windows-ActiveDirectory_DomainService
  guid: '{0e8478c5-3605-4e8c-8497-1e730c959516}'
  event_source_name: NTDS General
  event_id: 1463
  version: 0
  level: 3
  task: 7
  opcode: 0
  keywords: 9259400833873739776
  time_created: '2022-04-07T08:12:33.388787+00:00'
  event_record_id: 24
  correlation: {}
  execution:
    process_id: 648
    thread_id: 5696
  channel: Directory Service
  computer: WIN-FPV0DSIC9O6
  security:
    user_id: S-1-5-7
event_data: {}
message: ''
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 1869 —
Fields
| Name | Description |
|---|---|
| Data | — |
Example Event
```yaml
system:
  provider: Microsoft-Windows-ActiveDirectory_DomainService
  guid: '{0e8478c5-3605-4e8c-8497-1e730c959516}'
  event_source_name: NTDS General
  event_id: 1869
  version: 0
  level: 4
  task: 18
  opcode: 0
  keywords: 9259400833873739776
  time_created: '2022-04-07T17:08:18.628934+00:00'
  event_record_id: 114
  correlation: {}
  execution:
    process_id: 664
    thread_id: 820
  channel: Directory Service
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-7
event_data:
  Data:
  - \\WIN-FPV0DSIC9O6.sigma.fr
  - Default-First-Site-Name
message: ''
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 1898 —
Fields
| Name | Description |
|---|---|
| Data | — |
Example Event
```yaml
system:
  provider: Microsoft-Windows-ActiveDirectory_DomainService
  guid: '{0e8478c5-3605-4e8c-8497-1e730c959516}'
  event_source_name: NTDS General
  event_id: 1898
  version: 0
  level: 4
  task: 24
  opcode: 0
  keywords: 9259400833873739776
  time_created: '2022-04-07T08:12:40.147333+00:00'
  event_record_id: 32
  correlation: {}
  execution:
    process_id: 648
    thread_id: 5696
  channel: Directory Service
  computer: WIN-FPV0DSIC9O6
  security:
    user_id: S-1-5-7
event_data:
  Data:
  - CN=sam-domain,CN=Schema,CN=Configuration,DC=sigma,DC=fr
message: ''
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 2013 —
Fields
| Name | Description |
|---|---|
| Data | — |
Example Event
```yaml
system:
  provider: Microsoft-Windows-ActiveDirectory_DomainService
  guid: '{0e8478c5-3605-4e8c-8497-1e730c959516}'
  event_source_name: NTDS Database
  event_id: 2013
  version: 0
  level: 4
  task: 9
  opcode: 0
  keywords: 9259400833873739776
  time_created: '2022-04-07T08:19:31.474025+00:00'
  event_record_id: 57
  correlation: {}
  execution:
    process_id: 648
    thread_id: 7164
  channel: Directory Service
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-7
event_data:
  Data:
  - '3'
  - 'link_base_and_data_v2_index +link_base link_bdnt_and_base_and_data_v2_index +backlink_DNT
    link_dnt_and_base_and_data_v2_index +link_DNT '
message: ''
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 2014 —
Fields
| Name | Description |
|---|---|
| Data | — |
Example Event
```yaml
system:
  provider: Microsoft-Windows-ActiveDirectory_DomainService
  guid: '{0e8478c5-3605-4e8c-8497-1e730c959516}'
  event_source_name: NTDS Database
  event_id: 2014
  version: 0
  level: 4
  task: 9
  opcode: 0
  keywords: 9259400833873739776
  time_created: '2022-04-07T08:19:31.474025+00:00'
  event_record_id: 58
  correlation: {}
  execution:
    process_id: 648
    thread_id: 7164
  channel: Directory Service
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-7
event_data:
  Data:
  - '3'
message: ''
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 2064 —
Example Event
```yaml
system:
  provider: Microsoft-Windows-ActiveDirectory_DomainService
  guid: '{0e8478c5-3605-4e8c-8497-1e730c959516}'
  event_source_name: NTDS Database
  event_id: 2064
  version: 0
  level: 4
  task: 9
  opcode: 0
  keywords: 9259400833873739776
  time_created: '2022-04-07T08:14:30.411027+00:00'
  event_record_id: 40
  correlation:
    ActivityID: 7AAB4249-4A57-0000-F449-AB7A574AD801
  execution:
    process_id: 648
    thread_id: 652
  channel: Directory Service
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-7
event_data: {}
message: ''
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 2065 —
Example Event
```yaml
system:
  provider: Microsoft-Windows-ActiveDirectory_DomainService
  guid: '{0e8478c5-3605-4e8c-8497-1e730c959516}'
  event_source_name: NTDS Database
  event_id: 2065
  version: 0
  level: 4
  task: 9
  opcode: 0
  keywords: 9259400833873739776
  time_created: '2022-04-07T08:16:41.560674+00:00'
  event_record_id: 55
  correlation: {}
  execution:
    process_id: 648
    thread_id: 836
  channel: Directory Service
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-7
event_data: {}
message: ''
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 2120 —
Example Event
```yaml
system:
  provider: Microsoft-Windows-ActiveDirectory_DomainService
  guid: '{0e8478c5-3605-4e8c-8497-1e730c959516}'
  event_source_name: NTDS General
  event_id: 2120
  version: 0
  level: 4
  task: 7
  opcode: 0
  keywords: 9259400833873739776
  time_created: '2022-04-07T16:53:06.664032+00:00'
  event_record_id: 99
  correlation: {}
  execution:
    process_id: 664
    thread_id: 820
  channel: Directory Service
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-7
event_data: {}
message: ''
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 2121 —
Example Event
```yaml
system:
  provider: Microsoft-Windows-ActiveDirectory_DomainService
  guid: '{0e8478c5-3605-4e8c-8497-1e730c959516}'
  event_source_name: NTDS General
  event_id: 2121
  version: 0
  level: 4
  task: 7
  opcode: 0
  keywords: 9259400833873739776
  time_created: '2022-04-07T16:53:06.617666+00:00'
  event_record_id: 94
  correlation:
    ActivityID: E0AAB88C-4A9F-0000-71B9-AAE09F4AD801
  execution:
    process_id: 664
    thread_id: 668
  channel: Directory Service
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-7
event_data: {}
message: ''
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 2168 —
Fields
| Name | Description |
|---|---|
| Data | — |
Example Event
```yaml
system:
  provider: Microsoft-Windows-ActiveDirectory_DomainService
  guid: '{0e8478c5-3605-4e8c-8497-1e730c959516}'
  event_source_name: NTDS General
  event_id: 2168
  version: 0
  level: 4
  task: 7
  opcode: 0
  keywords: 9259400833873739776
  time_created: '2022-04-07T16:53:06.617666+00:00'
  event_record_id: 97
  correlation:
    ActivityID: E0AAB88C-4A9F-0000-71B9-AAE09F4AD801
  execution:
    process_id: 664
    thread_id: 668
  channel: Directory Service
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-7
event_data:
  Data:
  - '2944722192045242455'
message: ''
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 2172 —
Fields
| Name | Description |
|---|---|
| Data | — |
Example Event
```yaml
system:
  provider: Microsoft-Windows-ActiveDirectory_DomainService
  guid: '{0e8478c5-3605-4e8c-8497-1e730c959516}'
  event_source_name: NTDS General
  event_id: 2172
  version: 0
  level: 4
  task: 7
  opcode: 0
  keywords: 9259400833873739776
  time_created: '2022-04-07T16:53:06.617666+00:00'
  event_record_id: 98
  correlation:
    ActivityID: E0AAB88C-4A9F-0000-71B9-AAE09F4AD801
  execution:
    process_id: 664
    thread_id: 668
  channel: Directory Service
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-7
event_data:
  Data:
  - '2944722192045242455'
message: ''
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 2179 —
Fields
| Name | Description |
|---|---|
| Data | — |
Example Event
```yaml
system:
  provider: Microsoft-Windows-ActiveDirectory_DomainService
  guid: '{0e8478c5-3605-4e8c-8497-1e730c959516}'
  event_source_name: NTDS General
  event_id: 2179
  version: 0
  level: 4
  task: 7
  opcode: 0
  keywords: 9259400833873739776
  time_created: '2022-04-07T08:38:25.775344+00:00'
  event_record_id: 90
  correlation: {}
  execution:
    process_id: 624
    thread_id: 1376
  channel: Directory Service
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-7
event_data:
  Data:
  - '2944722192045242455'
message: ''
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 2405 —
Fields
| Name | Description |
|---|---|
| Data | — |
Example Event
```yaml
system:
  provider: Microsoft-Windows-ActiveDirectory_DomainService
  guid: '{0e8478c5-3605-4e8c-8497-1e730c959516}'
  event_source_name: NTDS General
  event_id: 2405
  version: 0
  level: 4
  task: 7
  opcode: 0
  keywords: 9259400833873739776
  time_created: '2022-04-07T16:53:06.664032+00:00'
  event_record_id: 100
  correlation: {}
  execution:
    process_id: 664
    thread_id: 820
  channel: Directory Service
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-7
event_data:
  Data:
  - Recycle Bin Feature
message: ''
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 2406 —
Fields
| Name | Description |
|---|---|
| Data | — |
Example Event
```yaml
system:
  provider: Microsoft-Windows-ActiveDirectory_DomainService
  guid: '{0e8478c5-3605-4e8c-8497-1e730c959516}'
  event_source_name: NTDS General
  event_id: 2406
  version: 0
  level: 4
  task: 7
  opcode: 0
  keywords: 9259400833873739776
  time_created: '2022-04-07T16:53:06.617666+00:00'
  event_record_id: 95
  correlation:
    ActivityID: E0AAB88C-4A9F-0000-71B9-AAE09F4AD801
  execution:
    process_id: 664
    thread_id: 668
  channel: Directory Service
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-7
event_data:
  Data:
  - Recycle Bin Feature
message: ''
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 2886 —
Example Event
```yaml
system:
  provider: Microsoft-Windows-ActiveDirectory_DomainService
  guid: '{0e8478c5-3605-4e8c-8497-1e730c959516}'
  event_source_name: NTDS General
  event_id: 2886
  version: 0
  level: 3
  task: 16
  opcode: 0
  keywords: 9259400833873739776
  time_created: '2022-04-07T16:53:16.713907+00:00'
  event_record_id: 102
  correlation: {}
  execution:
    process_id: 664
    thread_id: 844
  channel: Directory Service
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-7
event_data: {}
message: ''
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 2961 —
Fields
| Name | Description |
|---|---|
| Data | — |
Example Event
```yaml
system:
  provider: Microsoft-Windows-ActiveDirectory_DomainService
  guid: '{0e8478c5-3605-4e8c-8497-1e730c959516}'
  event_source_name: NTDS Database
  event_id: 2961
  version: 0
  level: 4
  task: 9
  opcode: 0
  keywords: 9259400833873739776
  time_created: '2022-04-07T08:19:31.474025+00:00'
  event_record_id: 56
  correlation: {}
  execution:
    process_id: 648
    thread_id: 7164
  channel: Directory Service
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-7
event_data:
  Data:
  - '8'
message: ''
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 2962 —
Fields
| Name | Description |
|---|---|
| Data | — |
Example Event
```yaml
system:
  provider: Microsoft-Windows-ActiveDirectory_DomainService
  guid: '{0e8478c5-3605-4e8c-8497-1e730c959516}'
  event_source_name: NTDS Database
  event_id: 2962
  version: 0
  level: 4
  task: 9
  opcode: 0
  keywords: 9259400833873739776
  time_created: '2022-04-07T08:19:31.474025+00:00'
  event_record_id: 59
  correlation: {}
  execution:
    process_id: 648
    thread_id: 7164
  channel: Directory Service
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-7
event_data:
  Data:
  - '8'
message: ''
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 3027 —
Fields
| Name | Description |
|---|---|
| Data | — |
Example Event
```yaml
system:
  provider: Microsoft-Windows-ActiveDirectory_DomainService
  guid: '{0e8478c5-3605-4e8c-8497-1e730c959516}'
  event_source_name: NTDS General
  event_id: 3027
  version: 0
  level: 4
  task: 6
  opcode: 0
  keywords: 9259400833873739776
  time_created: '2022-04-07T17:08:18.628934+00:00'
  event_record_id: 113
  correlation: {}
  execution:
    process_id: 664
    thread_id: 820
  channel: Directory Service
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-7
event_data:
  Data:
  - '3600'
message: ''
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 3033 —
Example Event
```yaml
system:
  provider: Microsoft-Windows-ActiveDirectory_DomainService
  guid: '{0e8478c5-3605-4e8c-8497-1e730c959516}'
  event_source_name: NTDS General
  event_id: 3033
  version: 0
  level: 4
  task: 6
  opcode: 0
  keywords: 9259400833873739776
  time_created: '2022-04-07T17:08:18.628934+00:00'
  event_record_id: 112
  correlation: {}
  execution:
    process_id: 664
    thread_id: 820
  channel: Directory Service
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-7
event_data: {}
message: ''
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 3041 —
Example Event
```yaml
system:
  provider: Microsoft-Windows-ActiveDirectory_DomainService
  guid: '{0e8478c5-3605-4e8c-8497-1e730c959516}'
  event_source_name: NTDS General
  event_id: 3041
  version: 0
  level: 3
  task: 16
  opcode: 0
  keywords: 9259400833873739776
  time_created: '2022-04-07T16:53:16.713907+00:00'
  event_record_id: 103
  correlation: {}
  execution:
    process_id: 664
    thread_id: 844
  channel: Directory Service
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-7
event_data: {}
message: ''
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 3051 —
Example Event
```yaml
system:
  provider: Microsoft-Windows-ActiveDirectory_DomainService
  guid: '{0e8478c5-3605-4e8c-8497-1e730c959516}'
  event_source_name: NTDS General
  event_id: 3051
  version: 0
  level: 3
  task: 2
  opcode: 0
  keywords: 9259400833873739776
  time_created: '2022-04-07T16:53:06.149082+00:00'
  event_record_id: 92
  correlation:
    ActivityID: E0AAB88C-4A9F-0000-71B9-AAE09F4AD801
  execution:
    process_id: 664
    thread_id: 668
  channel: Directory Service
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-7
event_data: {}
message: ''
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 3054 —
Example Event
```yaml
system:
  provider: Microsoft-Windows-ActiveDirectory_DomainService
  guid: '{0e8478c5-3605-4e8c-8497-1e730c959516}'
  event_source_name: NTDS General
  event_id: 3054
  version: 0
  level: 3
  task: 2
  opcode: 0
  keywords: 9259400833873739776
  time_created: '2022-04-07T16:53:06.149082+00:00'
  event_record_id: 93
  correlation:
    ActivityID: E0AAB88C-4A9F-0000-71B9-AAE09F4AD801
  execution:
    process_id: 664
    thread_id: 668
  channel: Directory Service
  computer: WIN-FPV0DSIC9O6.sigma.fr
  security:
    user_id: S-1-5-7
event_data: {}
message: ''
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline