Windows Security Log Event ID 4706

Operating Systems	Windows 2008 R2 and 7 Windows 2012 R2 and 8.1 Windows 2016 and 10 Windows Server 2019 and 2022
Category • Subcategory	Policy Change • Authentication Policy Change
Type	Success
Corresponding events in Windows 2003 and before	610

4706: A new trust was created to a domain

On this page

Description of this event
Field level details
Examples

This event is logged for all new trust relationships connecting to this domain. While the description says "Trusted" this event applies to both trusted and trusting relationships as documented by Trust Information:.

Subject:

The ID and logon session of the user that excercised created the trust.

Security ID: The SID of the account.
Account Name: The account logon name.
Account Domain: The domain or - in the case of local accounts - computer name.
Logon ID is a semi-unique (unique between reboots) number that identifies the logon session. Logon ID allows you to correlate backwards to the logon event (4624) as well as with other events logged during the same logon session.

Free Security Log Resources by Randy

Description Fields in 4706

The other domain in this trust relationship which despite the word "Trusted" may be a trusting or trusted domain or both. See Trust Information.

Domain Name: the DNS name of the domain
Domain ID: the pre-Win2k (NetBIOS) name of the domain

Trust Information:

All the information that defines the type of trust, whether it is one way or mutual, transitivity, etc.

Trust Type:

1	TRUST_TYPE_DOWNLEVEL	The other domain is pre-Win2k (NTLM only supported)
2	TRUST_TYPE_UPLEVEL	The other domain is Win2k or later (Windows Kerberos supported)
3	TRUST_TYPE_MIT	Other domain is actually an MIT Kerberos Realm (probably UNIX)
4	TRUST_TYPE_DCE	The trusted domain is a DCE realm

Trust Direction:

Disabled	0x0
Inbound	0x1
Outbound	0x2
Bidirectional	0x3

Trust Attributes:

Supercharger Enterprise

Examples of 4706

Example of tree root trust, bidirectional, transitive

A new trust was created to a domain.

Subject:

   Security ID: ACME-FR\administrator
   Account Name: Administrator
   Account Domain: ACME-FR
   Logon ID: 0x48450

Trusted Domain:

Domain Name: acme.com
Domain ID: ACME\

Trust Information:

   Trust Type: 2
   Trust Direction: 3
   Trust Attributes: 32
   SID Filtering: Disabled

Example of external trust, bi-directional, intransitive

A new trust was created to a domain.

Subject:

   Security ID: ACME-FR\administrator
   Account Name: administrator
   Account Domain: ACME-FR
   Logon ID: 0x20f9d

Trusted Domain:

Domain Name: mtg.local
Domain ID: MTG\

Trust Information:

   Trust Type: 2
   Trust Direction: 3
   Trust Attributes: 4
   SID Filtering: Enabled

Top 10 Windows Security Events to Monitor

Free Tool for Windows Event Collection

Mini-Seminars Covering Event ID 4706

Building a Security Dashboard for Your Senior Executives

Upcoming Webinars

Additional Resources

Encyclopedia

•	Event IDs
•	All Event IDs
•	Audit Policy

Go To Event ID:

Must be a 1-5 digit number No such event ID

Security Log
Quick Reference
Chart
Download now!

User name:
Password:
	/ Forgot?
	Register

December 2024 Patch Tuesday	"Patch Tuesday - 2 Zero Days...See You in 2025! " - sponsored by LOGbinder

Follow @randyfsmith

About | Newsletter | Contact

Ultimate IT Security is a division of Monterey Technology Group, Inc. ©2006-2024 Monterey Technology Group, Inc. All rights reserved.
Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. For complaints, please contact abuse@ultimatewindowssecurity.com.