Not all User account attribute changes are... Expand / Collapse
Posted 10/9/2019 1:31:56 PM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: Forum Members
Last Login: 10/9/2019 10:23:51 AM
Posts: 2, Visits: 0
Only certain attribute changes are logged with event id 4738. I can edit other user attributes and nothing is logged in security event log. Any ideas??? I need to track all attribute changes. Thank you
Post #8597
Posted 10/21/2019 10:27:51 AM
Junior Member

Junior MemberJunior MemberJunior MemberJunior MemberJunior MemberJunior MemberJunior MemberJunior Member

Group: Administrators
Last Login: 4/13/2009 5:07:47 PM
Posts: 23, Visits: 0

Only the event fields in the event will be logged. This is what Microsoft says about the event fields:

This event generates every time user object is changed.

This event generates on domain controllers, member servers, and workstations.

For each change, a separate 4738 event will be generated.

You might see this event without any changes inside, that is, where all Changed Attributes apear as “-“. This usually happens when a change is made to an attribute that is not listed in the event. In this case there is no way to determine which attribute was changed. For example, if the discretionary access control list (DACL) is changed, a 4738 event will generate, but all attributes will be “-“.

Some changes do not invoke a 4738 event.
Post #8599
« Prev Topic | Next Topic »

Permissions Expand / Collapse

All times are GMT -5:00, Time now is 9:37pm

Upcoming Webinars
    Additional Resources