{
"system": {
"provider": "Microsoft-Windows-PowerShell",
"guid": "A0C1853B-5C40-4B15-8766-3CF1C58F985A",
"event_source_name": "",
"event_id": 4100,
"version": 1,
"level": 3,
"task": 106,
"opcode": 19,
"keywords": 0,
"time_created": "2022-04-07T17:04:47.579256+00:00",
"event_record_id": 144,
"correlation": {
"ActivityID": "E0AAB88C-4A9F-0000-0BCA-AAE09F4AD801"
},
"execution": {
"process_id": 380,
"thread_id": 3624
},
"channel": "Microsoft-Windows-PowerShell/Operational",
"computer": "WIN-FPV0DSIC9O6.lab.local",
"security": {
"user_id": "S-1-5-21-2121334350-1110938707-2888912545-500"
}
},
"event_data": {
"ContextInfo": " Severity = Warning\r\n Host Name = ADMUX\r\n Host Version = 1.0.0.0\r\n Host ID = 2e800f71-2f5c-4821-bd98-9e3b61b6b054\r\n Host Application = C:\\Windows\\system32\\dsac.exe\r\n Engine Version = 5.1.20348.617\r\n Runspace ID = 4e800c4b-dc8b-408d-8e82-38150ba7d4fe\r\n Pipeline ID = 31\r\n Command Name = Set-ADAccountPassword\r\n Command Type = Cmdlet\r\n Script Name = \r\n Command Path = \r\n Sequence Number = 23\r\n User = SIGMA\\Administrator\r\n Connected User = \r\n Shell ID = Microsoft.PowerShell\r\n",
"UserData": "",
"Payload": "Error Message = The password does not meet the length, complexity, or history requirement of the domain.\r\nFully Qualified Error ID = ActiveDirectoryServer:1325,Microsoft.ActiveDirectory.Management.Commands.SetADAccountPassword\r\n"
},
"message": ""
}