Audit Detailed Directory Service Replication
Audit Detailed Directory Service Replication determines whether the operating system generates audit events that contain detailed tracking information about data that is replicated between domain controllers.
This audit subcategory can be useful to diagnose replication issues.
Event volume: These events can create a very high volume of event data on domain controllers.
| Computer Type | General Success | General Failure | Stronger Success | Stronger Failure | Comments |
|---|---|---|---|---|---|
| Domain Controller | No | No | IF | IF | IF - Events in this subcategory typically have an informational purpose and it is difficult to detect any malicious activity using these events. It’s mainly used for Active Directory replication troubleshooting. |
| Member Server | No | No | No | No | This subcategory makes sense only on domain controllers. |
| Workstation | No | No | No | No | This subcategory makes sense only on domain controllers. |
Events List:
4928(S, F): An Active Directory replica source naming context was established.
4929(S, F): An Active Directory replica source naming context was removed.
4930(S, F): An Active Directory replica source naming context was modified.
4931(S, F): An Active Directory replica destination naming context was modified.
4934(S): Attributes of an Active Directory object were replicated.
4935(F): Replication failure begins.
4936(S): Replication failure ends.
4937(S): A lingering object was removed from a replica.