Hi all,

One user was fired and disabled this user (ex:ben).

I checked the domain controllr's security log and found out that this event
log under another user rsmith:

Event Type: Failure Audit
Event Source: Security
Event Category: Directory Service Access
Event ID: 566
Date: 10/28/2009
Time: 12:56:07 PM
User: mydomain\rsmith
Computer: domain controller name
Description:
Object Operation:
Object Server: DS
Operation Type: Object Access
Object Type: user
Object Name: CN=gadmin,OU=Admins,OU=it,DC=mydomain,DC=local
Handle ID: -
Primary User Name: domaincontroller$
Primary Domain: mycompanydomain
Primary Logon ID: (0x0,0x3E7)
Client User Name: rsmith
Client Domain: mycompanydomain
Client Logon ID: (0x0,0x72FE3F0)
Accesses: Control Access

Properties:
---
Default property set
unixUserPassword
user

Additional Info:
Additional Info2:
Access Mask: 0x100


For more information, see Help and Support Center at
http://go.microsoft.com/fwlink/events.asp.
___________________________

Is this a very concern? Lots of failure adudit relating to directory
service access.

How should I do the next?

thank you!

Howdie!

John schrieb:

Quote:

I checked the domain controllr's security log and found out that this event log under another user rsmith: Event Type: Failure Audit Event Source: Security Event Category: Directory Service Access Event ID: 566 Date: 10/28/2009 Time: 12:56:07 PM User: mydomain\rsmith Computer: domain controller name [...]

It is a failure audit that the given user (or an application in the
user's context) tried to access the directory object. I found an
interesting article on this:
http://forums.techarena.in/active-directory/657554.htm

Cheers,
Florian
--
Microsoft MVP - Group Policy
eMail: prename [at] frickelsoft [dot] net.
blog: http://www.frickelsoft.net/blog.
ANY advice you get on the Newsgroups should be tested thoroughly in your
lab.

I haven't seen this before but there is a bit of help in the link below:
http://www.eventid.net/display.asp?eventid=566&eventno=4015&source=Security&phase=1

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.

"John" <John@discussions.microsoft.com> wrote in message
news:24488DE3-AF82-4AAA-8659-6EB21AA336D2@microsoft.com...

Quote:

Hi all, One user was fired and disabled this user (ex:ben). I checked the domain controllr's security log and found out that this event log under another user rsmith: Event Type: Failure Audit Event Source: Security Event Category: Directory Service Access Event ID: 566 Date: 10/28/2009 Time: 12:56:07 PM User: mydomain\rsmith Computer: domain controller name Description: Object Operation: Object Server: DS Operation Type: Object Access Object Type: user Object Name: CN=gadmin,OU=Admins,OU=it,DC=mydomain,DC=local Handle ID: - Primary User Name: domaincontroller$ Primary Domain: mycompanydomain Primary Logon ID: (0x0,0x3E7) Client User Name: rsmith Client Domain: mycompanydomain Client Logon ID: (0x0,0x72FE3F0) Accesses: Control Access Properties: --- Default property set unixUserPassword user Additional Info: Additional Info2: Access Mask: 0x100 For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp. ___________________________ Is this a very concern? Lots of failure adudit relating to directory service access. How should I do the next? thank you!