detection.wiki

Microsoft-Windows-Directory-Services-SAM › Event 16401

Event ID 16401 — An error occurred when trying to add the account Name to the group AccountName.

Provider
Microsoft-Windows-Directory-Services-SAM
Channel
System
Level
Informational

Description

An error occurred when trying to add the account Name to the group AccountName. The problem, "GroupName", occurred when trying to open the group. Please add the account manually.

Message #

An error occurred when trying to add the account %1 to the group %2. The problem, "%3", occurred when trying to open the group. Please add the account manually.

Fields #

NameDescription
Name
AccountName UnicodeString
GroupName UnicodeString
ErrorMessage UnicodeString
Binary

Example Event #

{
  "system": {
    "provider": "Microsoft-Windows-Directory-Services-SAM",
    "guid": "0D4FDC09-8C27-494A-BDA0-505E4FD8ADAE",
    "event_source_name": "",
    "event_id": 16401,
    "version": 0,
    "level": 4,
    "task": 0,
    "opcode": 0,
    "keywords": 9223372036854775808,
    "time_created": "2022-04-07T08:14:31.641248+00:00",
    "event_record_id": 628,
    "correlation": {},
    "execution": {
      "process_id": 648,
      "thread_id": 652
    },
    "channel": "System",
    "computer": "WIN-FPV0DSIC9O6.lab.local",
    "security": {
      "user_id": "S-1-5-18"
    }
  },
  "event_data": {
    "Name": "SAMMSG_MEMBERSHIP_SETUP_ERROR_NO_GROUP",
    "AccountName": "INTERNET USER",
    "GroupName": "IIS_IUSRS",
    "ErrorMessage": "The specified local group does not exist.\r\n",
    "Binary": "60050000"
  },
  "message": ""
}

References #