Event ID 609 —

{
  "system": {
    "provider": "NTDS ISAM",
    "guid": "",
    "event_source_name": "",
    "event_id": 609,
    "version": 0,
    "level": 4,
    "task": 5,
    "opcode": 0,
    "keywords": 36028797018963968,
    "time_created": "2022-04-07T08:12:33.307771+00:00",
    "event_record_id": 14,
    "correlation": {},
    "execution": {
      "process_id": 0,
      "thread_id": 0
    },
    "channel": "Directory Service",
    "computer": "WIN-FPV0DSIC9O6",
    "security": {
      "user_id": ""
    }
  },
  "event_data": {
    "Data": [
      "NTDS",
      "648,D,50",
      "NTDSA: ",
      "C:\\Windows\\NTDS\\ntds.dit",
      "10",
      "0",
      "20348",
      "0",
      "10",
      "0",
      "20348",
      "0"
    ]
  },
  "message": ""
}