Microsoft-Windows-Search-ProfileNotify

14 events across 2 channels

Event ID	Title	Channel
1		Operational
1		Application
2		Operational
3		Operational
4		Operational
5		Operational
5		Application
6		Operational
1073741825	Windows Search Service indexed data for user '.	Operational
1073741827	Windows Search Service indexed data for user '.	Operational
1073741829	Windows Search Service has created default configuration for new user '.	Operational
3221225474	Unable to remove Windows Search Service indexed data for user '.	Operational
3221225476	Unable to migrate Windows Search Service indexed data for user '.	Operational
3221225478	Windows Search Service failed to create default configuration for new user '.	Operational

Event ID 1 —

Provider: Microsoft-Windows-Search-ProfileNotify
Channel: Operational

Fields

Name	Description
`User`	—
`__binLength`	—
`binary`	—

Event ID 1 —

Provider: Microsoft-Windows-Search-ProfileNotify
Channel: Application
Level: 4
Samples: 1

Fields

Name	Description
`Data`	—
`Binary`	—

Example Event

system:
  provider: Microsoft-Windows-Search-ProfileNotify
  guid: '{FC6F77DD-769A-470E-BCF9-1B6555A118BE}'
  event_source_name: Windows Search Service Profile Notification
  event_id: 1
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 36028797018963968
  time_created: '2026-01-28T02:48:17.613445+00:00'
  event_record_id: 194
  correlation: {}
  execution:
    process_id: 1568
    thread_id: 0
  channel: Application
  computer: WIN11-22H2-X64
  security:
    user_id: ''
event_data:
  Data:
    Name: User
    Value: S-1-5-21-3407486967-1585450050-1838039599-1001
  Binary: ''
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 2 —

Provider: Microsoft-Windows-Search-ProfileNotify
Channel: Operational

Fields

Name	Description
`UserAccount`	—
`ErrorCode`	—
`ErrorMessage`	—
`__binLength`	—
`binary`	—

Event ID 3 —

Provider: Microsoft-Windows-Search-ProfileNotify
Channel: Operational

Fields

Name	Description
`OldUserAccount`	—
`NewUserAccount`	—
`__binLength`	—
`binary`	—

Event ID 4 —

Provider: Microsoft-Windows-Search-ProfileNotify
Channel: Operational

Fields

Name	Description
`OldUserAccount`	—
`NewUserAccount`	—
`ErrorCode`	—
`ErrorMessage`	—
`__binLength`	—
`binary`	—

Event ID 5 —

Provider: Microsoft-Windows-Search-ProfileNotify
Channel: Operational

Fields

Name	Description
`User`	—
`__binLength`	—
`binary`	—

Event ID 5 —

Provider: Microsoft-Windows-Search-ProfileNotify
Channel: Application
Level: 4
Samples: 1

Fields

Name	Description
`Data`	—
`Binary`	—

Example Event

system:
  provider: Microsoft-Windows-Search-ProfileNotify
  guid: '{FC6F77DD-769A-470E-BCF9-1B6555A118BE}'
  event_source_name: Windows Search Service Profile Notification
  event_id: 5
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 36028797018963968
  time_created: '2023-11-05T22:28:53.559335+00:00'
  event_record_id: 1483
  correlation: {}
  execution:
    process_id: 1852
    thread_id: 0
  channel: Application
  computer: WinDev2310Eval
  security:
    user_id: ''
event_data:
  Data:
    Name: User
    Value: WINDEV2310EVAL\User
  Binary: ''
message: ''

References

Example event sourced from https://github.com/NextronSystems/evtx-baseline

Event ID 6 —

Provider: Microsoft-Windows-Search-ProfileNotify
Channel: Operational

Fields

Name	Description
`UserAccount`	—
`ErrorCode`	—
`ErrorMessage`	—
`__binLength`	—
`binary`	—

Event ID 1073741825 — Windows Search Service indexed data for user '.

Provider: Microsoft-Windows-Search-ProfileNotify
Channel: Operational

Message

Windows Search Service indexed data for user '%1' successfully removed in response to user profile deletion.

Fields

Name	Description
`User`	—
`binary`	—

Event ID 1073741827 — Windows Search Service indexed data for user '.

Provider: Microsoft-Windows-Search-ProfileNotify
Channel: Operational

Message

Windows Search Service indexed data for user '%1' successfully migrated to user '%2' in response to user profile migration.

Fields

Name	Description
`OldUserAccount`	—
`NewUserAccount`	—
`binary`	—

Event ID 1073741829 — Windows Search Service has created default configuration for new user '.

Provider: Microsoft-Windows-Search-ProfileNotify
Channel: Operational

Message

Windows Search Service has created default configuration for new user '%1' .

Fields

Name	Description
`User`	—
`binary`	—

Event ID 3221225474 — Unable to remove Windows Search Service indexed data for user '.

Provider: Microsoft-Windows-Search-ProfileNotify
Channel: Operational

Message

Unable to remove Windows Search Service indexed data for user '%1' in response to user profile deletion.  Error code %2.

%3.

Fields

Name	Description
`UserAccount`	—
`ErrorCode`	—
`ErrorMessage`	—
`binary`	—

Event ID 3221225476 — Unable to migrate Windows Search Service indexed data for user '.

Provider: Microsoft-Windows-Search-ProfileNotify
Channel: Operational

Message

Unable to migrate Windows Search Service indexed data for user '%1' to user '%2' in response to user profile migration.  Error code %3.

%4.

Fields

Name	Description
`OldUserAccount`	—
`NewUserAccount`	—
`ErrorCode`	—
`ErrorMessage`	—
`binary`	—

Event ID 3221225478 — Windows Search Service failed to create default configuration for new user '.

Provider: Microsoft-Windows-Search-ProfileNotify
Channel: Operational

Message

Windows Search Service failed to create default configuration for new user '%1' in response to user profile creation.  Error code %2.

%3.

Fields

Name	Description
`UserAccount`	—
`ErrorCode`	—
`ErrorMessage`	—
`binary`	—