Audit Policy: DS Access: Detailed Directory Service ReplicationID: oval:org.secpod.oval:def:19035 | Date: (C)2014-05-29 (M)2021-06-02 |
Class: COMPLIANCE | Family: windows |
Auditing of DS Access: Detailed Directory Service Replication events on success should be enabled or disabled as appropriate.
This subcategory reports detailed information about the information replicating between domain controllers. These events can be very high in volume. Events for this subcategory include: - 4928: An Active Directory replica source naming context was established. - 4929 : An Active Directory replica source naming context was removed. - 4930 : An Active Directory replica source naming context was modified. - 4931 : An Active Directory replica destination naming context was modified. - 4934 : Attributes of an Active Directory object were replicated. - 4935 : Replication failure begins. - 4936 : Replication failure ends. - 4937 : A lingering object was removed from a replica. Refer to the Microsoft Knowledgebase article Description of security events in Windows Vista and in Windows Server 2008 for the most recent information about this setting: http://support.microsoft.com/default.aspx/kb/947226.
Fix:
(1) GPO: Commandline: auditpol.exe
(2) REG: NO INFO
Platform: |
Microsoft Windows Server 2008 R2 |