Events in Active Roles Server 6.7
Contents
Events in Active Roles Server 6.7
Categories
  User change tracking events (obsolete)
  Backward compatibility events (obsolete)
  User actions (obsolete)
  Group actions (obsolete)
  Computer account actions (obsolete)
  Common object actions
Events
  Task related event messages
  Success Audit events (obsolete)
  Success Audit events for ActiveRoles Server Reporting component, tracking changes reports
  Audit Failure events
  Error codes/events
  Temporal Group Membership events
  Workflow specific events
  Activity specific events
  License events
Comparison of Windows Security Log and EDM Server Log events (examples)
  Security Log Event: A user account was enabled using ADUC.
  EDM Server Log Event: A user account was enabled using ARS MMC.
  Security Log Event: A user account was disabled using ADUC.
  EDM Server Log Event: A user account was disabled using ARS MMC.
  Security Log Event: A member was added to a security-enabled global group using ADUC.
  EDM Server Log Event: A member was added to a security-enabled global group using ARS MMC.
  Security Log Event: Password reset using ADUC
  EDM Server Log Event: Password reset using ARS MMC
  Security Log Event: A user account was changed using ADUC (Home Directory attribute).
  EDM Server Log Event: A user account was changed using ARS MMC (Home Directory attribute).
  Security Log Event: A user account was created using ADUC.
  EDM Server Log Event: A user account was created ARS MMC.
  Security Log Event: A user account was deleted using ADUC.
  EDM Server Log Event: A user account was deleted using ARS MMC.
  Security Log Event: A user account was created using New-ADuser cmdlets
  EDM Server Log Event: A user account was created using New-QADUser in proxy mode.
  Security Log Event: A user account was changed using Set-ADUser cmdlets (Description, City).
  EDM Server Log Event: A user account was changed using Set-QADUser cmdlet in proxy mode (City, Description).
  Security Log Event: A user account was deleted using Remove-ADUser cmdlet.
  EDM Server Log Event: A user account was deleted using Remove-QADObject in proxy mode.
Examples of Active Roles specific events
  Attestation Review started
  Workflow instance has been successfully completed
  Workflow instance has been started.
  Workflow instance has been successfully completed.
  Execution of workflow instance failed.
  Attestor certified object during Attestation Review
  Scheduled task has been started.
Categories
This part of the document contains category descriptions (1-99 - common categories).
MessageId=0 SymbolicName=CATEGORY_NONE
Language=English
None
.
MessageId=1 SymbolicName=CATEGORY_SECURITY
Language=English
Security
.
MessageId=2 SymbolicName=CATEGORY_POLICY
Language=English
Policy
.
User change tracking events (obsolete)
MessageId=3 SymbolicName=_OBSOLETE_CATEGORY_USER_CREATE
Language=English
UserCreate
.
MessageId=4 SymbolicName=_OBSOLETE_CATEGORY_USER_DELETE
Language=English
UserDelete
.
MessageId=5 SymbolicName=_OBSOLETE_CATEGORY_USER_COPY
Language=English
UserCopy
.
MessageId=6 SymbolicName=_OBSOLETE_CATEGORY_USER_SET_INFO
Language=English
UserSetInfo
.
MessageId=7 SymbolicName=_OBSOLETE_CATEGORY_USER_MOVE
Language=English
UserMove
.
Backward compatibility events (obsolete)
MessageId=8 SymbolicName=CATEGORY_SERVICE
Language=English
Service
.
MessageId=9 SymbolicName=CATEGORY_CONNECT_DISCONNECT
Language=English
Connect/Disconnect
.
User actions (obsolete)
MessageId=10 SymbolicName=_OBSOLETE_CATEGORY_USER_RENAME
Language=English
UserRename
.
Group actions (obsolete)
MessageId=11 SymbolicName=_OBSOLETE_CATEGORY_GROUP_CREATE
Language=English
GroupCreate
.
MessageId=12 SymbolicName=_OBSOLETE_CATEGORY_GROUP_DELETE
Language=English
GroupDelete
.
MessageId=13 SymbolicName=_OBSOLETE_CATEGORY_GROUP_SET_INFO
Language=English
GroupSetInfo
.
MessageId=14 SymbolicName=_OBSOLETE_CATEGORY_GROUP_MOVE
Language=English
GroupMove
.
MessageId=15 SymbolicName=_OBSOLETE_CATEGORY_GROUP_RENAME
Language=English
GroupRename
.
Computer account actions (obsolete)
MessageId=16 SymbolicName=_OBSOLETE_CATEGORY_COMPUTER_CREATE
Language=English
ComputerCreate
.
MessageId=17 SymbolicName=_OBSOLETE_CATEGORY_COMPUTER_DELETE
Language=English
ComputerDelete
.
MessageId=18 SymbolicName=_OBSOLETE_CATEGORY_COMPUTER_SET_INFO
Language=English
ComputerSetInfo
.
MessageId=19 SymbolicName=_OBSOLETE_CATEGORY_COMPUTER_MOVE
Language=English
ComputerMove
.
MessageId=20 SymbolicName=_OBSOLETE_CATEGORY_COMPUTER_RENAME
Language=English
ComputerRename
.
Common object actions
MessageId=21 SymbolicName=CATEGORY_OBJECT_CREATE
Language=English
ObjectCreate
.
MessageId=22 SymbolicName=CATEGORY_OBJECT_DELETE
Language=English
ObjectDelete
.
MessageId=23 SymbolicName=CATEGORY_OBJECT_COPY
Language=English
ObjectCopy
.
MessageId=24 SymbolicName=CATEGORY_OBJECT_SET_INFO
Language=English
ObjectSetInfo
.
MessageId=25 SymbolicName=CATEGORY_OBJECT_MOVE
Language=English
ObjectMove
.
MessageId=26 SymbolicName=CATEGORY_OBJECT_RENAME
Language=English
ObjectRename
.
MessageId=27 SymbolicName=CATEGORY_SCHEDULED_TASK
Language=English
ScheduledTask
.
MessageId=28 SymbolicName=CATEGORY_PROVISIONING
Language=English
Provisioning
.
MessageId=29 SymbolicName=CATEGORY_DEPROVISIONING
Language=English
Deprovisioning
.
MessageId=30 SymbolicName=CATEGORY_DYNAMIC_GROUPS
Language=English
DynamicGroups
.
MessageId=31 SymbolicName=CATEGORY_GROUP_FAMILY
Language=English
GroupFamily
.
MessageId=32 SymbolicName=CATEGORY_DB_CONNECTION
Language=English
DatabaseConnection
.
MessageId=33 SymbolicName=CATEGORY_ATTESTATION_REVIEW
Language=English
AttestationReview
.
MessageId=34 SymbolicName=CATEGORY_UNDEPROVISIONING
Language=English
Un-deprovisioning
.
MessageId=35 SymbolicName=CATEGORY_TEMPORAL_GROUP_MEMBERSHIPS
Language=English
Temporal Group Memberships
.
MessageId=36 SymbolicName=CATEGORY_WORKFLOW
Language=English
Workflow
.
MessageId=37 SymbolicName=CATEGORY_OBJECT_UNDELETE
Language=English
ObjectUnDelete
.
MessageId=38 SymbolicName=CATEGORY_OPERATION
Language=English
Operation
.
MessageId=39 SymbolicName=CATEGORY_GROUP_MEMBERSHIP_CHANGE
Language=English
GroupMembershipChange
.
MessageId=40 SymbolicName=CATEGORY_SELF_GROUP_MEMBERSHIP_CHANGE
Language=English
SelfGroupMembershipChange
.
MessageId=41 SymbolicName=CATEGORY_APPROVAL_MAIL_FLOW
Language=English
ApprovalMailFlow
.
Events
This part of the document contains event descriptions (100..1000 - object actions).
Task related event messages
MessageId=1000 Severity=Success SymbolicName=EVENT_SERVICE_STARTED
Language=English
ActiveRoles Server %1
%nAdministration Service is successfully started.
%nBuilding domain information is in progress.
.
MessageId=1001 Severity=Success SymbolicName=EVENT_SERVICE_STOPPED
Language=English
ActiveRoles Server Administration Service is stopped.
.
MessageId=1002 Severity=Success SymbolicName=EVENT_EXE_STARTED
Language=English
ActiveRoles Server %1
%nAdministration Service is started as DCOM local server.
%nBuilding domain information is in progress.
.
MessageId=1003 Severity=Success SymbolicName=EVENT_USER_CONNECT
Language=English
User is connected to ActiveRoles Server Administration Service.
%nUser ID: %1
%nLogon ID: %2
%n%3 //Not used in current version (empty)
.
MessageId=1004 Severity=Success SymbolicName=EVENT_USER_DISCONNECT
Language=English
User is disconnected from ActiveRoles Server Administration Service.
%nUser ID: %1
%nLogon ID: %2
.
MessageId=1005 Severity=Success SymbolicName=_OBSOLETE_EVENT_MANAGED_DOMAIN_SPECIFICS
Language=English
ActiveRoles Server Administration Service has selected domain controller to manage domain.
%nDomain controller: %1
%nDomain %2
.
MessageId=1006 Severity=Success SymbolicName=EVENT_SERVICE_INITED
Language=English
ActiveRoles Server Administration Service has successfully completed building startup information.
.
MessageId=1007 Severity=Success SymbolicName=EVENT_LICENSE_INFO
Language=English
ActiveRoles Server license information is retrieved.
%nLicense expires on: %1
%nMaximum allowed number of enabled user accounts: %2
%nTotal number of enabled user accounts in all managed domains: %3
%nInformation collected from these managed domains: %4
.
MessageId=1008 Severity=Success SymbolicName=EVENT_LICENSE_INFO_INSTALLED
Language=English
ActiveRoles Server license is successfully installed.
.
MessageId=1009 Severity=Success SymbolicName=EVENT_BETA_INSTALLED
Language=English
This is BETA version of ActiveRoles Server.
%nThis BETA version will expire in %1 days.
.
MessageId=1010 Severity=Success SymbolicName=EVENT_MANAGED_DOMAIN_SPECIFICS_EX
Language=English
ActiveRoles Server Administration Service has selected domain controller to manage domain.
%nDomain controller: %1
%nDomain: %2
%nForest: %3
%nDomain controller site: %4
%nGlobal Catalog server: %5
%nGlobal Catalog site: %6
.
MessageId=1011 Severity=Success SymbolicName=EVENT_SCHEMA_CHANGES_DETECTED_ON_STARTUP
Language=English
Rebuild of the ActiveRoles Server schema is started.%n
%nInformation used for this build of the schema:
%nVersion of built-in schema: %1
%nVersion of virtual schema: %2
%n%3
%n%n%n%4
//Example:
.
MessageId=1012 Severity=Success SymbolicName=EVENT_LOOKUP_DSADMIN_ACCOUNT_FAILED
Language=English
Failed to look up the AR Server Admin account:
%n'%1'
%nAccount name is expected in this registry value: HKLM\SOFTWARE\Aelita\Enterprise Directory Manager\DSAdministrators%n
%nDefault group is used as AR Server Admin: BUILTIN\Administrators
.
MessageId=1013 Severity=Success SymbolicName=EVENT_SERVICE_STOPPED_ON_STARTUP
Language=English
ActiveRoles Server Administration Service has stopped because of fatal error during startup process.
.
Success Audit events (obsolete)
MessageId=1500 Severity=Success SymbolicName=_OBSOLETE_EVENT_OBJECT_CREATED
Language=English
Object DN: %1%nObject Type: %2%nAction: %3%nAttributes: %4
.
MessageId=1501 Severity=Success SymbolicName=_OBSOLETE_EVENT_OBJECT_COPIED
Language=English
Object DN: %1%nObject Type: %2%nAction: %3%nOriginal Object DN: %4%nAttributes: %5
.
MessageId=1502 Severity=Success SymbolicName=_OBSOLETE_EVENT_OBJECT_SET_INFO
Language=English
Object DN: %1%nObject Type: %2%nAction: %3%nAttributes: %4
.
MessageId=1503 Severity=Success SymbolicName=_OBSOLETE_EVENT_OBJECT_DELETED
Language=English
Object DN: %1%nObject Type: %2%nAction: %3
.
MessageId=1504 Severity=Success SymbolicName=_OBSOLETE_EVENT_OBJECT_RENAMED
Language=English
Object DN: %1%nObject Type: %2%nAction: %3%nNew Name: %4
.
MessageId=1505 Severity=Success SymbolicName=_OBSOLETE_EVENT_OBJECT_MOVED
Language=English
Object DN: %1%nObject Type: %2%nAction: %3%nTarget Container DN: %4
.
Success Audit events for ActiveRoles Server Reporting component, tracking changes reports
MessageId=1510 Severity=Success SymbolicName=EVENT_OBJECT_CREATED_REPORTING
Language=English
Object is created.
%nOperation GUID: %1
%nObject name: %2
%nParent container: %3
%nObject class: %4
%nObject GUID: %5
.
MessageId=1511 Severity=Success SymbolicName=EVENT_OBJECT_COPIED_REPORTING
Language=English
Object is copied.
%nOperation GUID: %1
%nName of copy object: %2
%nParent container: %3
%nObject class: %4
%nObject GUID: %5
%nOriginal object: %6
.
MessageId=1512 Severity=Success SymbolicName=EVENT_OBJECT_SET_INFO_REPORTING
Language=English
Object is modified.
%nOperation GUID: %1
%nObject name: %2
%nParent container: %3
%nObject class: %4
%nObject GUID: %5
.
MessageId=1513 Severity=Success SymbolicName=EVENT_OBJECT_DELETED_REPORTING
Language=English
Object is deleted.
%nOperation GUID: %1
%nObject name: %2
%nParent container: %3
%nObject class: %4
%nObject GUID: %5
.
NOTE: If an object is renamed, the following event is reported, and the new object name is reported in an
EVENT_ATTRIBUTE_CHANGED_REPORTING event with the attribute name "name" and the new name as the value.
MessageId=1514 Severity=Success SymbolicName=EVENT_OBJECT_RENAMED_REPORTING
Language=English
Object is renamed.
%nOperation GUID: %1
%nOriginal name: %2
%nParent container: %3
%nObject class: %4
%nObject GUID: %5
%nNew name: %6
.
MessageId=1515 Severity=Success SymbolicName=EVENT_OBJECT_MOVED_REPORTING
Language=English
Object is moved.
%nOperation GUID: %1
%nObject name: %2
%nOriginal container: %3
%nObject class: %4
%nObject GUID: %5
%nDestination container: %6
.
MessageId=1516 Severity=Success SymbolicName=_OBSOLETE_EVENT_ATTRIBUTE_INITIALIZED_REPORTING
Language=English
Attribute is set to a certain value.
%nOperation GUID: %1
%nAttribute name: %2
%nAttribute value: %3
.
NOTE: Action options: Update, Clear, Append, Delete.
Update - replaces all current attribute values with the new values specified
Clear - deletes all current attribute values, no new values are specified
Append - appends new values to the list of current attribute values
Delete - deletes specified values from the list of current attribute values
MessageId=1517 Severity=Success SymbolicName=EVENT_ATTRIBUTE_CHANGED_REPORTING
Language=English
Attribute is modified.
%nOperation GUID: %1
%nAttribute name: %2
%nAttribute value: %3
%nAction: %4
.
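How the tracking-changes events above fit together for log review, as an added example that is not part of the Active Roles documentation: it parses rendered message text for events 1512, 1514 and 1517, groups them by Operation GUID, and applies the four Action options from the NOTE. Assumptions: the object event and its attribute events share one Operation GUID, each 1517 event carries a single value, and the sample records and all function names are constructed for illustration.

```python
import re

# Event IDs and field labels come from the message definitions on this page.
OBJECT_EVENTS = {1512: "modified", 1514: "renamed"}
ATTRIBUTE_CHANGED = 1517

# One "Label: value" pair per rendered line; the value may be empty (Clear).
FIELD_RE = re.compile(r"^([^:\n]+):[ \t]*(.*)$", re.MULTILINE)


def parse_message(text):
    """Parse rendered message text into {label: value}.

    The headline line ("Object is modified.") has no colon and is skipped.
    """
    return {label.strip(): value.strip() for label, value in FIELD_RE.findall(text)}


def apply_action(current, action, value):
    """Return the value list after one 1517 event, per the Action options NOTE."""
    if action == "Update":   # replaces all current values with the new value
        return [value]
    if action == "Clear":    # deletes all current values, no new value given
        return []
    if action == "Append":   # appends the new value to the current values
        return current + [value]
    if action == "Delete":   # deletes the specified value from the current values
        return [v for v in current if v != value]
    raise ValueError("unknown Action option: %r" % action)


def correlate(events):
    """Group (event_id, message) pairs by Operation GUID.

    Assumption: an object event and its attribute events carry the same
    Operation GUID. 1517 events with no matching object event are kept with
    object=None so that gaps in the collected log stay visible.
    """
    ops = {}
    for event_id, message in events:
        fields = parse_message(message)
        guid = fields.get("Operation GUID")
        if guid is None:
            continue  # not one of the tracking-changes events
        op = ops.setdefault(guid.lower(), {"kind": None, "object": None, "changes": []})
        if event_id in OBJECT_EVENTS:
            op["kind"] = OBJECT_EVENTS[event_id]
            op["object"] = fields.get("Object name") or fields.get("Original name")
        elif event_id == ATTRIBUTE_CHANGED:
            op["changes"].append((fields.get("Attribute name", ""),
                                  fields.get("Action", ""),
                                  fields.get("Attribute value", "")))
    return ops


def replay(baseline, changes):
    """Apply (attribute, action, value) changes to a baseline {attribute: [values]}."""
    state = {name: list(values) for name, values in baseline.items()}
    for attr, action, value in changes:
        state[attr] = apply_action(state.get(attr, []), action, value)
    return state


def renames_without_name_change(ops):
    """Renames (1514) lacking the 1517 "name" event described in the NOTE before 1514."""
    return [guid for guid, op in ops.items()
            if op["kind"] == "renamed"
            and not any(attr == "name" for attr, _, _ in op["changes"])]


# Constructed sample records (not taken from a real log); %n rendered as CRLF.
OP1 = "{11111111-1111-1111-1111-111111111111}"
OP2 = "{22222222-2222-2222-2222-222222222222}"
OP3 = "{33333333-3333-3333-3333-333333333333}"
SAMPLE_EVENTS = [
    (1512, "Object is modified.\r\nOperation GUID: " + OP1 + "\r\n"
           "Object name: CN=Jane Doe\r\nParent container: OU=Staff,DC=example,DC=test\r\n"
           "Object class: user\r\nObject GUID: {aaaaaaaa-0000-0000-0000-000000000001}"),
    (1517, "Attribute is modified.\r\nOperation GUID: " + OP1 + "\r\n"
           "Attribute name: homeDirectory\r\nAttribute value: \\\\fs01\\home\\jdoe\r\n"
           "Action: Update"),
    (1517, "Attribute is modified.\r\nOperation GUID: " + OP1 + "\r\n"
           "Attribute name: otherTelephone\r\nAttribute value: 555-0100\r\nAction: Append"),
    (1514, "Object is renamed.\r\nOperation GUID: " + OP2 + "\r\n"
           "Original name: CN=Old Name\r\nParent container: OU=Staff,DC=example,DC=test\r\n"
           "Object class: user\r\nObject GUID: {aaaaaaaa-0000-0000-0000-000000000002}\r\n"
           "New name: CN=New Name"),
    (1517, "Attribute is modified.\r\nOperation GUID: " + OP2 + "\r\n"
           "Attribute name: name\r\nAttribute value: New Name\r\nAction: Update"),
    # Attribute event whose object event was not collected.
    (1517, "Attribute is modified.\r\nOperation GUID: " + OP3 + "\r\n"
           "Attribute name: description\r\nAttribute value: \r\nAction: Clear"),
]

if __name__ == "__main__":
    for guid, op in correlate(SAMPLE_EVENTS).items():
        print(guid, op["kind"], op["object"], op["changes"])
```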
MessageId=1518 Severity=Success SymbolicName=_OBSOLETE_EVENT_ATTRIBUTE_CHANGED_ON_COPING_REPORTING
Language=English
Attribute set.%nOperation GUID: %1%nAttribute name: %2%nAttribute value: %3
.
MessageId=1519 Severity=Success SymbolicName=EVENT_POLICY_TRACE
Language=English
Script policy has reported an event.
%nOperation GUID: %1
%nObject name: %2
%nParent container: %3
%nObject class: %4
%nObject GUID: %5
%nScript Module: %6
%n%7 //User Defined Parameter (Used in Request.ReportEvent/EventLog.ReportEvent)
%n%8 //User Defined Parameter (Used in Request.ReportEvent/EventLog.ReportEvent)
%n%9 //User Defined Parameter (Used in Request.ReportEvent/EventLog.ReportEvent)
.
MessageId=1520 Severity=Success SymbolicName=EVENT_RECONSTRUCT_DOMAIN_COMPLETED
Language=English
Operation on domain registration data is successfully completed.
%nOperation: %1
%nDomain: %2
.
MessageId=1521 Severity=Success SymbolicName=EVENT_TASK_TRACE
Language=English
Scheduled task has reported an event.
%nTask ID: %1
%nObject name: %2
%nStart date: %3
%nStart time: %4
%nScript module: %5
%n%6 //Scheduled Task specific string (example: “Task execution was completed”)
%n%7 //Not used
%n%8 //Not used
.
MessageId=1522 Severity=Success SymbolicName=EVENT_OBJECT_DEPROVISIONED_REPORTING
Language=English
Object is deprovisioned.
%nOperation GUID: %1
%nObject name: %2
%nParent container: %3
%nObject class: %4
%nObject GUID: %5
.
MessageId=1523 Severity=Success SymbolicName=EVENT_OBJECT_UNDEPROVISIONED_REPORTING
Language=English
Object is un-deprovisioned.
%nOperation GUID: %1
%nObject name: %2
%nParent container: %3
%nObject class: %4
%nObject GUID: %5
.
MessageId=1524 Severity=Success SymbolicName=EVENT_OBJECT_UNDELETED_REPORTING
Language=English
Deleted object is restored (undeleted).
%nOperation GUID: %1
%nObject name: %2
%nRestored to: %3
%nObject class: %4
%nObject GUID: %5
.
MessageId=1525 Severity=Success SymbolicName=EVENT_MEMBERS_ADDED_TO_GROUP_REPORTING
Language=English
Members added to group.
%nOperation GUID: %1
%nGroup name: %2
%nParent container: %3
%nGroup object GUID: %4
%nMembers:
%n%5
.
MessageId=1526 Severity=Success SymbolicName=EVENT_MEMBERS_REMOVED_FROM_GROUP_REPORTING
Language=English
Members removed from group.
%nOperation GUID: %1
%nGroup name: %2
%nParent container: %3
%nGroup object GUID: %4
%nMembers:
%n%5
.
MessageId=1527 Severity=Success SymbolicName=EVENT_USER_JOINED_GROUP_REPORTING
Language=English
User added self to group.
%nOperation GUID: %1
%nGroup name: %2
%nParent container: %3
%nGroup object GUID: %4
%nUser: %5
.
MessageId=1528 Severity=Success SymbolicName=EVENT_USER_LEFT_GROUP_REPORTING
Language=English
User removed self from group.
%nOperation GUID: %1
%nGroup name: %2
%nParent container: %3
%nGroup object GUID: %4
%nUser: %5
.
MessageId=1531 Severity=Error SymbolicName=EVENT_EWS_CONNECTION_FAILED
Language=English
Administration Service cannot connect to Exchange Web Services. Administration Service will retry the
connection attempt on a periodic basis.
%nExchange Web Services address: %1
%nActiveRoles Server mailbox: %2
%nDetails:
%n%3
.
MessageId=1532 Severity=Success SymbolicName=EVENT_EWS_CONNECTION_RESTORED
Language=English
Administration Service successfully restored connection to Exchange Web Services; going to retrieve email.
%nExchange Web Services address: %1
%nActiveRoles Server mailbox: %2
.
MessageId=1533 Severity=Error SymbolicName=EVENT_EWS_EMAIL_PROCESSING_FAILED
Language=English
Administration Service encountered a problem when processing approval response received via e-mail.
%nExchange Web Services address: %1
%nActiveRoles Server mailbox: %2
%nApproval task: %3
%nDetails:
%n%4
.
MessageId=1534 Severity=Error SymbolicName=EVENT_EWS_RESPONSE_SENDER_IS_NOT_APPROVER
Language=English
Approval task cannot be completed based on approval response received via e-mail.
%nTask ID: %1
%nDetails: %2
.
Audit Failure events
NOTE: Events 2006, 2007, 2008, and 2012 are used for backward compatibility.
MessageId=2000 Severity=Error SymbolicName=EVENT_POST_PROCESS_POLICY_VIOLATION
Language=English
Post-processing operation on object caused a policy violation.
%nPolicy: %1
%nObject: %2
%nDetails: %3
.
MessageId=2001 Severity=Error SymbolicName=EVENT_PRE_PROCESS_POLICY_VIOLATION
Language=English
Pre-processing operation on object caused a policy violation
%nPolicy: %1
%nObject: %2
%nDetails: %3
.
MessageId=2002 Severity=Error SymbolicName=EVENT_ACCESS_DENIED
Language=English
Operation on an object failed due to the 'Access is denied' error.
%nObject: %1
%nObject type: %2
%nAction: %3
%nAttributes involved in the operation: %4
.
MessageId=2003 Severity=Error SymbolicName=EVENT_POST_PROCESS_VA_ERROR
Language=English
Post-processing operation on object attributes failed when attempting to set attribute values.
%nAttributes involved in the operation: %1
%nObject: %2
%nDetails: %3
.
Error codes/events
MessageId=2500 Severity=Error SymbolicName=EVENT_NON_CRITICAL_ERROR_ON_STARTUP
Language=English
Non-critical error occurred upon start of ActiveRoles Server Administration Service.
%nDetails: %1
.
MessageId=2501 Severity=Error SymbolicName=EVENT_CRITICAL_ERROR_ON_STARTUP
Language=English
Critical error occurred upon start of ActiveRoles Server Administration Service.
%nDetails: %1
.
MessageId=2006 Severity=Error SymbolicName=EVENT_HANDLER_NOT_INSTALLED
Language=English
Failed to install service handler.
.
MessageId=2007 Severity=Error SymbolicName=EVENT_FAILED_REGISTER_ROT
Language=English
Failed to register classes in the ROT.%nDetails: %1
.
MessageId=2008 Severity=Error SymbolicName=EVENT_FAILED_COM_SECURITY
Language=English
Failed to initialize COM security.%nDetails: %1
.
MessageId=2012 Severity=Success SymbolicName=EVENT_USER_AUTHENTICATE_FAILED
Language=English
ActiveRoles Server Administration Service failed to authenticate user.
%nUser: %1
%nDetails: %2
.
MessageId=2502 Severity=Error SymbolicName=EVENT_LICENSE_INSTALL_FAILED
Language=English
Failed to install ActiveRoles Server license.
%nDetails: %1
.
MessageId=2503 Severity=Error SymbolicName=EVENT_LICENSE_SYSTEM_FAILURE
Language=English
ActiveRoles Server licensing error.
%nDetails: %1
.
MessageId=2504 Severity=Success SymbolicName=EVENT_INTERNAL_ERROR
Language=English
Execution of ActiveRoles Server Administration Service stopped due to a critical error.
.
MessageId=2505 Severity=Error SymbolicName=EVENT_NON_CRITICAL_ERROR
Language=English
ActiveRoles Server Administration Service encountered a non-critical error.
%nDetails: %1
.
MessageId=2506 Severity=Success SymbolicName=EVENT_RESTORE_DATABASE_FAILED
Language=English
Restore operation on ActiveRoles Server configuration database failed.
%nRestore source: %1
%nDetails: %2
.
MessageId=2507 Severity=Success SymbolicName=EVENT_RESTORE_DATABASE_SUCCESS
Language=English
ActiveRoles Server configuration database is successfully restored.
%nRestore source: %1
.
MessageId=2508 Severity=Success SymbolicName=EVENT_CUSTOM_MESSAGE
Language=English
%1. //This event is not used in current version
.
MessageId=2509 Severity=Error SymbolicName=EVENT_MANAGED_DOMAIN_LOADING_FAILED
Language=English
ActiveRoles Server Administration Service failed to retrieve information from managed domain.
%nDomain: %1
%nDetails: %2
.
MessageId=2510 Severity=Error SymbolicName=EVENT_MANAGED_DOMAIN_UNAVAILABLE
Language=English
Managed domain is unavailable.
%nDomain: %1
%nDetails: %2
.
MessageId=2511 Severity=Warning SymbolicName=EVENT_APPROVAL_MAIL_NOTIFICATION_FAILED
Language=English
ActiveRoles Server Administration Service failed to send out e-mail notification about pending requests
that are in 'Waiting for Approval' state.
%nApprover: %1
%nDetails: %2
.
MessageId=2512 Severity=Error SymbolicName=EVENT_DATABASE_CONNECTION_LOST
Language=English
Connection to database has been lost.
%n%nActiveRoles Server Administration Service has lost connection to Configuration database.
Administration Service is making attempts to connect to database.
%nDetails: %1
%nDatabase: %2
%nSQL Server: %3
%n%4 //SQL Server connection restore period (in seconds)
%nNext attempt to connect: In %5 minutes or later
%n%nUntil after connection is restored unavailable are all the functions of Administration Service that
require access to Configuration database. These include: (1) retrieving and updating ActiveRoles Server
configuration data; (2) retrieving changes to configuration data made by other Administration Services
(both directly and via replication); (3) retrieving and updating virtual attributes stored in Configuration
database.
.
MessageId=2513 Severity=Success SymbolicName=EVENT_DATABASE_CONNECTION_RESTORED
Language=English
Connection to database has been restored.
%n%nActiveRoles Server Administration Service has restored connection to Configuration database.
%nDatabase: %1
%nSQL Server: %2
%3 //SQL Server connection restore period (in seconds)
%n%nAll the functions of Administration Service that require access to Configuration database are now
available.
.
MessageId=2520 Severity=Error SymbolicName=EVENT_DG_FAILED_REMOVE_OBJECT
Language=English
Error when updating Dynamic Group.%n
%nFailed to remove object from Dynamic Group.
%nDetails: %1
%nObject: %2
%nDynamic Group: %3
%n%nObject remains in Dynamic Group until after the issue is resolved. Try forcing update of Dynamic
Group from the Members tab in the Properties dialog box for Dynamic Group, in the ActiveRoles Server
console.
.
MessageId=2521 Severity=Error SymbolicName=EVENT_DG_FAILED_ADD_OBJECT
Language=English
Error when updating Dynamic Group.%n
%nFailed to add object to Dynamic Group.
%nDetails: %1
%nObject: %2
%nDynamic Group: %3
%n%nObject is missing from Dynamic Group until after the issue is resolved. Try forcing update of
Dynamic Group from the Members tab in the Properties dialog box for Dynamic Group, in the
ActiveRoles Server console.
.
MessageId=2522 Severity=Error SymbolicName=EVENT_DG_FAILED_UPDATE_NESTED_GROUP
Language=English
Error when updating Dynamic Group.%n
%nFailed to update membership list of additional (nested) group generated to accommodate excessive
membership of Dynamic Group.
%nDetails: %1
%nNested group: %2
%nDynamic Group: %3
%n%nMembership list of nested group is not updated until after the issue is resolved, so membership
list may be incompliant with membership rules. Try forcing update of Dynamic Group from the Members
tab in the Properties dialog box for Dynamic Group, in the ActiveRoles Server console.
.
MessageId=2523 Severity=Error SymbolicName=EVENT_DG_FAILED_UPDATE_DYNAMIC_GROUP
Language=English
Error when updating Dynamic Group.%n
%nFailed to update membership list of Dynamic Group.
%nDetails: %1
%nDynamic Group: %2
%n%nMembership list of Dynamic Group is not updated until after the issue is resolved, so membership
list may be incompliant with membership rules. Try forcing update of Dynamic Group from the Members
tab in the Properties dialog box for Dynamic Group, in the ActiveRoles Server console.
.
MessageId=2524 Severity=Error SymbolicName=EVENT_DG_OBJECT_NOT_FOUND
Language=English
Error when updating Dynamic Group.%n
%nFailed to look up object when updating membership list of Dynamic Group. The object may have
been deleted.
%nObject: %1
%nDynamic Group: %2
%n%nMembership rules referring to that object are inoperative until after the issue is resolved. Those
rules are not taken into account when updating Dynamic Group, so membership list may be incompliant
with membership rules. Check membership rules by using the Membership Rules tab in the Properties
dialog box for Dynamic Group, in the ActiveRoles Server console.
.
MessageId=2525 Severity=Error SymbolicName=EVENT_DG_FAILED_REMOVE_USELESS_RULE
Language=English
Error when updating Dynamic Group.%n
%nFailed to delete membership rule upon deletion of object.
%nDetails: %1
%nObject: %2
%nDynamic Group: %3
%n%nMembership rules referring to that object are not deleted from Dynamic Group. To prevent issues
with membership list, delete those rules using the Membership Rules tab in the Properties dialog box for
Dynamic Group, in the ActiveRoles Server console.
.
MessageId=2526 Severity=Error SymbolicName=EVENT_DG_FAILED_RESOLVE_CONDITION
Language=English
Error when updating Dynamic Group.%n
%nFailed to update membership list of Dynamic Group in accordance with one of the membership rules.
%nDetails: %1
%nDynamic Group: %2
%nMembership rule scope: %3
%nMembership rule filter: %4
%n%nThe failed rule is not taken into account until after the issue is resolved, so membership list may
be incompliant with membership rules. Try forcing update of Dynamic Group from the Members tab in
the Properties dialog box for Dynamic Group, in the ActiveRoles Server console. Check membership
rules by using the Membership Rules tab in that dialog box.
.
MessageId=2527 Severity=Error SymbolicName=EVENT_DG_FAILED_LOAD_DG_FROM_DOMAIN
Language=English
Error when updating Dynamic Group.%n
%nFailed to retrieve information on Dynamic Groups from managed domain.
%nDetails: %1
%nDomain: %2
%n%nDynamic Groups from that domain are inoperative until after the issue is resolved.
.
MessageId=2528 Severity=Success SymbolicName=EVENT_DG_MEMBERSHIP_REBUILD_INITIATED
Language=English
Rebuilding membership list of Dynamic Group started.
%nDynamic Group: %1
.
MessageId=2540 Severity=Error SymbolicName=EVENT_GF_NOT_FOUND
Language=English
Error during Group Family run.%n
%nCannot find Group Family configuration storage group.
%nConfiguration storage group: %1
%nRun task: %2
%n%nConfiguration storage group may have been either inaccessible or deleted. Group Family run
canceled.
.
MessageId=2541 Severity=Error SymbolicName=EVENT_GF_FAILED_READ_GF_DATA
Language=English
Error during Group Family run.%n
%nFailed to retrieve Group Family configuration data.
%nDetails: %1
%nConfiguration storage group: %2
%nRun task: %3
%nFailed data: %4
%n%nTask to run Group Family is not performed until after the issue is resolved.
.
MessageId=2542 Severity=Error SymbolicName=EVENT_GF_INCORRECT_DATA
Language=English
Error during Group Family run.%n
%nIncorrect data encountered in Group Family configuration.
%nConfiguration storage group: %1
%nRun task: %2
%n%nConfiguration storage group may have been corrupted. Group Family run canceled.
.
MessageId=2543 Severity=Error SymbolicName=EVENT_GF_FAILED_UPDATE_GF_DATA
Language=English
Error during Group Family run.%n
%nFailed to update Group Family configuration data.
%nDetails: %1
%nConfiguration storage group: %2
%nRun task: %3
%nFailed data: %4
%n%nInformation about controlled groups and last run may be incorrect until a subsequent run of
Group Family.
.
MessageId=2544 Severity=Error SymbolicName=EVENT_GF_FAILED_READ_CG_DATA
Language=English
Error during Group Family run.%n
%nFailed to retrieve data from controlled group.
%nDetails: %1
%nControlled group: %2
%nConfiguration storage group: %3
%nRun task: %4
%nFailed data: %5
%n%nChanges to controlled group may not be saved until a subsequent run of Group Family.
.
MessageId=2545 Severity=Error SymbolicName=EVENT_GF_FAILED_UPDATE_CG_DATA
Language=English
Error during Group Family run.%n
%nFailed to update data in controlled group.
%nDetails: %1
%nControlled group: %2
%nConfiguration storage group: %3
%nRun task: %4
%nFailed data: %5
%n%nGroup Family does not control this group until a subsequent run.
.
MessageId=2546 Severity=Error SymbolicName=EVENT_GF_FAILED_UPDATE_CG_MEMBERSHIP
Language=English
Error during Group Family run.%n
%nFailed to update membership data in controlled group.
%nDetails: %1
%nControlled group: %2
%nConfiguration storage group: %3
%nRun task: %4
%nFailed data: %5
%n%nMembership list of controlled group may be incorrect until a subsequent run of Group Family.
.
MessageId=2547 Severity=Error SymbolicName=EVENT_GF_FAILED_CREATE_CG
Language=English
Error during Group Family run.%n
%nFailed to create controlled group.
%nDetails: %1
%nControlled group: %2
%nConfiguration storage group: %3
%nRun task: %4
%n%nGroup Family attempts to create controlled group during a subsequent run.
.
MessageId=2548 Severity=Error SymbolicName=EVENT_GF_FAILED_FIND_CG
Language=English
Error during Group Family run.%n
%nCannot find controlled group.
%nControlled group: %1
%nConfiguration storage group: %2
%nRun task: %3
%n%nControlled group is not processed. Group Family attempts to find it during each subsequent run.
.
MessageId=2549 Severity=Error SymbolicName=EVENT_GF_FAILED_CREATE_TASK
Language=English
Error during Group Family run.%n
%nEvent handler failed to create Group Family run task.
%nDetails: %1
%nConfiguration storage group: %2
%nRun task: %3
%nEvent handler: %4
%n%nGroup Family is inoperative until run task is created.
.
MessageId=2550 Severity=Error SymbolicName=EVENT_GF_FAILED_MODIFY_TASK
Language=English
Error during Group Family run.%n
%nEvent handler failed to modify Group Family run task.
%nDetails: %1
%nConfiguration storage group: %2
%nRun task: %3
%nEvent handler: %4
%n%nSchedule of Group Family run has not been changed.
.
MessageId=2551 Severity=Error SymbolicName=EVENT_GF_FAILED_DELETE_TASK
Language=English
Error during Group Family run.%n
%nEvent handler failed to delete Group Family run task upon deletion of configuration storage group.
%nDetails: %1
%nConfiguration storage group: %2
%nRun task: %3
%nEvent handler: %4
%n%nTask continues to run Group Family in accordance with its schedule.
.
MessageId=2552 Severity=Success SymbolicName=EVENT_GF_TASK_STARTED_MANUALLY
Language=English
Group Family run task has been started manually by administrator.
%nConfiguration storage group: %1
%nRun task: %2
.
MessageId=2553 Severity=Success SymbolicName=EVENT_GF_RESULTS
Language=English
Group Family run is completed with the following results.
%nControlled groups: %1
%nMembers in controlled groups: %2
%nConfiguration storage group: %3
%nRun task: %4
.
MessageId=2554 Severity=Error SymbolicName=EVENT_GF_FAILED_SEARCH_ACCOUNTS
Language=English
Error during Group Family run.%n
%nFailed to retrieve data from container when calculating Group Family groupings.
%nDetails: %1
%nConfiguration storage group: %2
%nRun task: %3
%nContainer: %4
%n%nUntil a subsequent run, Group Family does not take into account information about objects held
in that container.
.
MessageId=2555 Severity=Error SymbolicName=LICNUMBER_EXCEEDED_AND_EXPDATE_WARNING
Language=English
ActiveRoles Server license violation: The current number of enabled user accounts in AD (%1) exceeds
the licensed number (%2). ActiveRoles Server continues to function but the license agreement is
violated.
%n%nThe ActiveRoles Server license will expire in %3 days. After the license has expired, the directory
management function of ActiveRoles Server is unavailable.
%n%nTo purchase a new license for ActiveRoles Server, please send an e-mail to sales@quest.com or
contact your local sales office. A sales office directory can be found at
http://www.quest.com/company/contact-us.aspx%n
.
MessageId=2556 Severity=Error SymbolicName=EVENT_LICENSE_EXPIRED
Language=English
License violation: The ActiveRoles Server license has expired. The directory management function of
ActiveRoles Server is unavailable.
%n%nTo purchase a new license for ActiveRoles Server, please send an e-mail to sales@quest.com or
contact your local sales office. A sales office directory can be found at
http://www.quest.com/company/contact-us.aspx
.
MessageId=2557 Severity=Error SymbolicName=LICENSED_NUMBER_EXCEEDED
Language=English
ActiveRoles Server license violation: The current number of enabled user accounts in AD (%1) exceeds
the licensed number (%2). ActiveRoles Server continues to function but the license agreement is
violated.
%n%nTo purchase a new license for ActiveRoles Server with a greater number of AD users, please send
an e-mail to sales@quest.com or contact your local sales office. A sales office directory can be found at
http://www.quest.com/company/contact-us.aspx
.
MessageId=2558 Severity=Error SymbolicName=EXPIRATION_DATE_WARNING
Language=English
The ActiveRoles Server license will expire in %1 days. After the license has expired, the directory
management function of ActiveRoles Server is unavailable.
%n%nTo purchase a new license for ActiveRoles Server, please send an e-mail to sales@quest.com or
contact your local sales office. A sales office directory can be found at
http://www.quest.com/company/contact-us.aspx
.
MessageId=2559 Severity=Error SymbolicName=EVENT_AD_LDS_INSTANCE_LOADING_FAILED
Language=English
ActiveRoles Server Administration Service failed to retrieve information from managed AD LDS instance.
%nAD LDS instance: %1
%nDetails: %2
.
MessageId=2560 Severity=Success SymbolicName=EVENT_BUILDING_AD_LDS_INSTANCE_COMPLETED
Language=English
Operation on AD LDS instance registration data is successfully completed.
%nOperation: Building
%nAD LDS instance: %1
.
MessageId=2561 Severity=Success SymbolicName=EVENT_REMOVING_AD_LDS_INSTANCE_COMPLETED
Language=English
Operation on AD LDS instance registration data is successfully completed.
%nOperation: Removing
%nAD LDS instance: %1
.
MessageId=2562 Severity=Error SymbolicName=EVENT_FAILED_TO_CREATE_MAILBOX_FOR_NEWUSER
Language=English
Administration Service encountered an error when creating a mailbox-enabled user. The mailbox for this
user was not created.
%nUser: %1
%nDetails: %2
.
MessageId=2563 Severity=Error SymbolicName=EVENT_FAILED_TO_CREATE_HOME_FOLDER
Language=English
Administration Service encountered an error when creating Home Folder for the user.
%nUser: %1
%nDetails: %2
.
MessageId=2564 Severity=Error SymbolicName=EVENT_FAILED_TO_CREATE_HOME_SHARE
Language=English
Administration Service encountered an error when creating Home Share for the user.
%nUser: %1
%nDetails: %2
.
MessageId=2565 Severity=Error SymbolicName=EVENT_FAILED_TO_START_REVIEW
Language=English
Attestation Review failed to start
%n%nConfiguration: %1
%nDetails: %2
.
MessageId=2566 Severity=Error SymbolicName=EVENT_FAILED_TO_EXTEND_REVIEW
Language=English
Attestation Review failed to be extended
%n%nConfiguration: %1
%nStart time and date: %2
%nDuration (days): %3
%nDetails: %4
.
MessageId=2567 Severity=Error SymbolicName=EVENT_FAILED_TO_FINISH_REVIEW
Language=English
Attestation Review failed to be stopped
%n%nConfiguration: %1
%nStart time and date: %2
%nDuration (days): %3
%nDetails: %4
.
MessageId=2568 Severity=Error SymbolicName=EVENT_FAILED_TO_UPDATE_REVIEW
Language=English
Attestation Review data failed to be updated
%n%nConfiguration: %1
%nStart time and date: %2
%nDuration (days): %3
%nDetails: %4
.
MessageId=2569 Severity=Error SymbolicName=EVENT_FAILED_TO_CREATE_REVIEW_TASK
Language=English
Attestation Review task failed to be created for attestor of object.
%n%nAttestation Review configuration: %1
%nStart time and date: %2
%nDuration (days): %3
%nAttestor: %4
%nObject: %5
%nDetails: %6
.
MessageId=2570 Severity=Success SymbolicName=EVENT_REVIEW_STARTED
Language=English
Attestation Review started
%n%nConfiguration: %1
%nStart time and date: %2
%nDuration (days): %3
.
MessageId=2571 Severity=Success SymbolicName=EVENT_REVIEW_EXTENDED
Language=English
Attestation Review extended
%n%nConfiguration: %1
%nStart time and date: %2
%nNew duration setting (days) %3
.
MessageId=2572 Severity=Success SymbolicName=EVENT_REVIEW_STOPPED
Language=English
Attestation Review stopped before it reached designated end date
%n%nConfiguration: %1
%nStart time and date: %2
%nDesignated end date: %3
.
MessageId=2573 Severity=Success SymbolicName=EVENT_REVIEW_ENDED
Language=English
Attestation Review duration period expired; Attestation Review completed
%n%nConfiguration: %1
%nStart time and date: %2
.
MessageId=2574 Severity=Success SymbolicName=EVENT_REVIEW_OBJECT_ADDED
Language=English
Object added to Attestation Review
%n%nObject: %1
%nAttestation Review configuration: %2
.
MessageId=2575 Severity=Success SymbolicName=EVENT_REVIEW_OBJECT_REMOVED
Language=English
Object removed from Attestation Review
%n%nObject: %1
%nAttestation Review configuration: %2
.
MessageId=2576 Severity=Success SymbolicName=EVENT_REVIEW_OBJECT_CERTIFIED
Language=English
Attestor certified object during Attestation Review
%n%nObject: %1
%nAttestor: %2
%nAttestation Review configuration: %3
.
MessageId=2577 Severity=Success SymbolicName=EVENT_REVIEW_OBJECT_UNDO_CERTIFIED
Language=English
Attestor revoked certification from object during Attestation Review
%n%nObject: %1
%nAttestor: %2
%nAttestation Review configuration: %3
.
MessageId=2578 Severity=Success SymbolicName=EVENT_REVIEW_OBJECT_OWNER_CHANGED
Language=English
Manager or owner setting changed on object during Attestation Review
%n%nObject: %1
%nOwnership type: %2
%nNew manager or owner setting: %3
%nAttestation Review configuration: %4
.
MessageId=2579 Severity=Success SymbolicName=EVENT_REVIEW_ORIGINATOR_CHANGED
Language=English
Attestation Review Service setting changed
%n%nNew Attestation Review Service setting: %1
%nAttestation Review configuration: %2
.
MessageId=2580 Severity=Success SymbolicName=EVENT_REVIEWS_START_BEGAN
Language=English
Process of validating Attestation Review began on this Administration Service
%n%nAttestation Review configuration: %1
.
MessageId=2581 Severity=Success SymbolicName=EVENT_REVIEWS_START_COMPLETED
Language=English
Process of validating Attestation Review completed on this Administration Service
%n%nAttestation Review configuration: %1
.
MessageId=2582 Severity=Success SymbolicName=EVENT_REVIEW_OBJECTS_VALIDATION_BEGAN
Language=English
Validation of target objects of Attestation Review began on this Administration Service
%n%nAttestation Review configuration: %1
.
MessageId=2583 Severity=Success SymbolicName=EVENT_REVIEW_OBJECTS_VALIDATION_COMPLETED
Language=English
Validation of target objects of Attestation Review completed on this Administration Service
%n%nAttestation Review configuration: %1
.
MessageId=2584 Severity=Success SymbolicName=EVENT_REVIEW_OBJECT_OWNERS_VALIDATION_BEGAN
Language=English
Validation of manager or owner setting on target objects of Attestation Review began on this
Administration Service
%n%nAttestation Review configuration: %1
.
MessageId=2585 Severity=Success SymbolicName=EVENT_REVIEW_OBJECT_OWNERS_VALIDATION_COMPLETED
Language=English
Validation of manager or owner setting on target objects of Attestation Review completed on this
Administration Service
%n%nAttestation Review configuration: %1
.
MessageId=2586 Severity=Error SymbolicName=EVENT_EXCHANGE_TASK_FAILED
Language=English
Administration Service encountered an error when performing operation on Exchange Server.
%n%nOperation: %1
%nObject: %2
%nCommand: %3
%nDetails: %4
.
MessageId=2587 Severity=Success SymbolicName=EVENT_DG_MEMBERSHIP_REBUILD_COMPLETED
Language=English
Rebuilding membership list of Dynamic Group completed successfully.
%nDynamic Group: %1
.
Temporal Group Membership events
MessageId=2600 Severity=Success SymbolicName=TEMPORAL_GROUP_MEMBERSHIP_START_TIME_SET
Language=English
Temporal group membership start time successfully set on an object. The object is scheduled to be
added to the group in accord with the start time set.
%nOperation ID: %1
%nOperation GUID: %2
%nObject name: %3
%nObject parent container: %4
%nGroup name: %5
%nGroup parent container: %6
%nStart time (set): %7
.
MessageId=2601 Severity=Error SymbolicName=TEMPORAL_GROUP_MEMBERSHIP_START_TIME_SET_FAILED
Language=English
Failed to set temporal membership start time on an object. The object will not be added to the group in
accord with the start time specified.
%nOperation ID: %1
%nOperation GUID: %2
%nObject name: %3
%nObject parent container: %4
%nGroup name: %5
%nGroup parent container: %6
%nStart time (failed to set): %7
%nDetails: %8
.
MessageId=2602 Severity=Success SymbolicName=TEMPORAL_GROUP_MEMBERSHIP_END_TIME_SET
Language=English
Temporal group membership end time successfully set on an object. The object is scheduled to be
removed from the group in accord with the end time set.
%nOperation ID: %1
%nOperation GUID: %2
%nObject name: %3
%nObject parent container: %4
%nGroup name: %5
%nGroup parent container: %6
%nEnd time (set): %7
.
MessageId=2603 Severity=Error SymbolicName=TEMPORAL_GROUP_MEMBERSHIP_END_TIME_SET_FAILED
Language=English
Failed to set temporal membership end time on an object. The object will not be removed from the
group in accord with the end time specified.
%nOperation ID: %1
%nOperation GUID: %2
%nObject name: %3
%nObject parent container: %4
%nGroup name: %5
%nGroup parent container: %6
%nEnd time (failed to set): %7
%nDetails: %8
.
MessageId=2604 Severity=Success SymbolicName=TEMPORAL_GROUP_MEMBERSHIP_ADDED_TO_GROUP
Language=English
An object successfully added to the group in accord with the object's temporal group membership
settings.
%nOperation ID: %1
%nOperation GUID: %2
%nObject name: %3
%nObject parent container: %4
%nGroup name: %5
%nGroup parent container: %6
%nTemporal group membership start time: %7
.
MessageId=2605 Severity=Error SymbolicName=TEMPORAL_GROUP_MEMBERSHIP_ADD_TO_GROUP_FAILED
Language=English
Failed to add an object to the group in accord with the object's temporal group membership settings.
%nOperation ID: %1
%nOperation GUID: %2
%nObject name: %3
%nObject parent container: %4
%nGroup name: %5
%nGroup parent container: %6
%nTemporal group membership start time (failed): %7
%nDetails: %8
.
MessageId=2606 Severity=Success SymbolicName=TEMPORAL_GROUP_MEMBERSHIP_REMOVED_FROM_GROUP
Language=English
An object successfully removed from the group in accord with the object's temporal group membership
settings.
%nOperation ID: %1
%nOperation GUID: %2
%nObject name: %3
%nObject parent container: %4
%nGroup name: %5
%nGroup parent container: %6
%nTemporal group membership end time: %7
.
MessageId=2607 Severity=Error SymbolicName=TEMPORAL_GROUP_MEMBERSHIP_REMOVE_FROM_GROUP_FAILED
Language=English
Failed to remove an object from the group in accord with the object's temporal group membership
settings.
%nOperation ID: %1
%nOperation GUID: %2
%nObject name: %3
%nObject parent container: %4
%nGroup name: %5
%nGroup parent container: %6
%nTemporal group membership end time (failed): %7
%nDetails: %8
.
MessageId=2608 Severity=Success SymbolicName=TEMPORAL_GROUP_MEMBERSHIP_SCHEDULE_DELETED
Language=English
Temporal group membership schedule deleted on an object. If the object was scheduled to be added or
removed from the group, it will neither be added nor removed by the schedule.
%nOperation ID: %1
%nOperation GUID: %2
%nObject name: %3
%nObject parent container: %4
%nGroup name: %5
%nGroup parent container: %6
%nTemporal group membership start time (deleted): %7
%nTemporal group membership end time (deleted): %8
.
Operation specific events
MessageId=2691 Severity=Success SymbolicName=EVENT_OPERATION_REQUESTED
Language=English
Operation request has been submitted to ActiveRoles Administration Service
%nOperation ID: %1
%nOperation GUID: %2
%nOperation: %3
%nObject name: %4
%nObject parent container: %5
%nObject type: %6
%nObject GUID: %7
%nInitiator: %8
%nOperation reason: %9
%nDetails:
%n%t%10
.
MessageId=2692 Severity=Success SymbolicName=EVENT_OPERATION_COMPLETED
Language=English
Operation has been successfully performed
%nOperation ID: %1
%nOperation GUID: %2
%nOperation: %3
%nObject name: %4
%nObject parent container: %5
%nObject type: %6
%nObject GUID: %7
%nInitiator: %8
%nOperation reason: %9
%nDetails:
%n%t%10
.
MessageId=2693 Severity=Error SymbolicName=EVENT_OPERATION_FAILED
Language=English
Operation failed
%nOperation ID: %1
%nOperation GUID: %2
%nDetails:
%n%t%3
.
Workflow specific events
MessageId=2701 Severity=Success SymbolicName=EVENT_WORKFLOW_STARTED
Language=English
Workflow instance has been started.
%nWorkflow name: %1
%nWorkflow GUID: %2
%nWorkflow instance GUID: %3
%nOperation ID: %4
%nOperation GUID: %5
%nOperation: %6
%nObject name: %7
%nObject parent container: %8
%nObject type: %9
%nObject GUID: %10
%nInitiator: %11
%nOperation reason: %12
%nDetails:
%n%t%13
.
MessageId=2702 Severity=Success SymbolicName=EVENT_WORKFLOW_COMPLETED
Language=English
Workflow instance has been successfully completed.
%nWorkflow name: %1
%nWorkflow GUID: %2
%nWorkflow instance GUID: %3
%nOperation ID: %4
%nOperation GUID: %5
%nOperation: %6
%nObject name: %7
%nObject parent container: %8
%nObject type: %9
%nObject GUID: %10
%nInitiator: %11
.
MessageId=2703 Severity=Error SymbolicName=EVENT_WORKFLOW_FAILED
Language=English
Execution of workflow instance failed.
%nWorkflow name: %1
%nWorkflow GUID: %2
%nWorkflow instance GUID: %3
%nOperation ID: %4
%nOperation GUID: %5
%nOperation: %6
%nObject name: %7
%nObject parent container: %8
%nObject type: %9
%nObject GUID: %10
%nInitiator: %11
%n%12 //Related Workflow Instance details
%n%13 //Related Workflow Instance details
.
MessageId=2704 Severity=Success SymbolicName=EVENT_WORKFLOW_TERMINATED
Language=English
Workflow instance has been terminated.
%nWorkflow name: %1
%nWorkflow GUID: %2
%nWorkflow instance GUID: %3
%nOperation ID: %4
%nOperation GUID: %5
%nOperation: %6
%nObject name: %7
%nObject parent container: %8
%nObject type: %9
%nObject GUID: %10
%nInitiator: %11
%n%12 //Related Workflow Instance details
%n%13 //Related Workflow Instance details
.
MessageId=2705 Severity=Success SymbolicName=EVENT_WORKFLOW_SUSPENDED
Language=English
Workflow instance has been suspended.
%nWorkflow name: %1
%nWorkflow GUID: %2
%nWorkflow instance GUID: %3
%nOperation ID: %4
%nOperation GUID: %5
%nOperation: %6
%nObject name: %7
%nObject parent container: %8
%nObject type: %9
%nObject GUID: %10
%nInitiator: %11
%n%12 //Related Workflow Instance details
%n%13 //Related Workflow Instance details
.
MessageId=2706 Severity=Success SymbolicName=EVENT_WORKFLOW_RESUMED
Language=English
Workflow instance has been resumed.
%nWorkflow name: %1
%nWorkflow GUID: %2
%nWorkflow instance GUID: %3
%nOperation ID: %4
%nOperation GUID: %5
%nOperation: %6
%nObject name: %7
%nObject parent container: %8
%nObject type: %9
%nObject GUID: %10
%nInitiator: %11
%nDetails: %12
.
Activity specific events
MessageId=2711 Severity=Warning SymbolicName=EVENT_ACTIVITY_ALERT
Language=English
Workflow activity has reported an alert.
%nWorkflow name: %1
%nWorkflow GUID: %2
%nWorkflow instance GUID: %3
%nActivity name: %4
%nActivity type: %5
%n%6 //Operation details
%n%7 //Operation details
%n%8 //Not used
%n%9 //Not used
.
MessageId=2712 Severity=Error SymbolicName=EVENT_ACTIVITY_ERROR
Language=English
Workflow activity has encountered a critical error. Execution of workflow instance failed.
%nWorkflow name: %1
%nWorkflow GUID: %2
%nWorkflow instance GUID: %3
%nActivity type: %4
%nActivity name: %5
%6 //Operation details
%7 //Not used
.
MessageId=2713 Severity=Success SymbolicName=EVENT_APPROVAL_ACTIVITY_STARTED
Language=English
Approval activity started, waiting for response from approver.
%nActivity name: %1
%nWorkflow name: %2
%nWorkflow GUID: %3
%nWorkflow instance GUID: %4
%nInitiator: %5
%nDesignated approvers:
%n%t%6
.
MessageId=2714 Severity=Success SymbolicName=EVENT_APPROVAL_ACTIVITY_APPROVED
Language=English
Request for operation approved. Workflow is going to be resumed.
%nActivity name: %1
%nWorkflow name: %2
%nWorkflow GUID: %3
%nWorkflow instance GUID: %4
%nInitiator: %5
%nApproved by: %6
%nAction reason: %7
.
MessageId=2715 Severity=Success SymbolicName=EVENT_APPROVAL_ACTIVITY_REJECTED
Language=English
Request for operation rejected.
%nActivity name: %1
%nWorkflow name: %2
%nWorkflow GUID: %3
%nWorkflow instance GUID: %4
%nInitiator: %5
%nRejected by: %6
%nAction reason: %7
.
MessageId=2716 Severity=Error SymbolicName=EVENT_APPROVAL_ACTIVITY_FAILED
Language=English
ActiveRoles Administration Service failed to perform requested operation.
%nActivity name: %1
%nWorkflow name: %2
%nWorkflow GUID: %3
%nWorkflow instance GUID: %4
%nInitiator: %5
%nApproved by: %6
%nDetails:
%n%t%7
.
MessageId=2718 Severity=Warning SymbolicName=EVENT_APPROVAL_ACTIVITY_CANCELLED
Language=English
Request for operation cancelled.
%nActivity name: %1
%nWorkflow name: %2
%nWorkflow GUID: %3
%nWorkflow instance GUID: %4
%nInitiator: %5
%nApproved by: %6
%nDetails:
%n%t%7
.
MessageId=2717 Severity=Success SymbolicName=EVENT_CUSTOM_TYPE_POLICY_TRACE
Language=English
Policy of a custom type reported an event.
%nOperation GUID: %1
%nObject name: %2
%nParent container: %3
%nObject class: %4
%nObject GUID: %5
%nPolicy type: %6
%nScript Module: %7
%n%8 //User Defined Parameter (Used in Request.ReportEvent/EventLog.ReportEvent)
%n%9 //User Defined Parameter (Used in Request.ReportEvent/EventLog.ReportEvent)
%n%10 //User Defined Parameter (Used in Request.ReportEvent/EventLog.ReportEvent)
.
MessageId=2719 Severity=Success SymbolicName=EVENT_DELETED_OBJECTS_CLEANUP_TRACE
Language=English
Scheduled task deleted ActiveRoles Server attributes and links for objects that were garbage-collected
or recycled in Active Directory.
%nTask ID: %1
%nSuccessfully processed: %2 objects
%nFailed to process: %3 objects
%n%t%4 //Error message
%n%t%5
.
MessageId=2720 Severity=Error SymbolicName=EVENT_GENERAL_ERROR
Language=English
General error occurred in ActiveRoles Server Administration Service.
%nDetails: %1
.
License events
MessageId=2730 Severity=Error SymbolicName=EVENT_SSM_LICENSE_EXPIRED
Language=English
License violation: The ActiveRoles Self-Service Manager license has expired.
%n%nTo purchase a new license for ActiveRoles Self-Service Manager, please send an e-mail to
sales@quest.com or contact your local sales office. A sales office directory can be found at
http://www.quest.com/company/contact-us.aspx
.
MessageId=2731 Severity=Error SymbolicName=SSM_LICNUMBER_EXCEEDED_AND_EXPDATE_WARNING
Language=English
Self-Service Manager license violation: The current number of enabled user accounts in AD (%1) exceeds
the licensed number (%2). ActiveRoles Self-Service Manager continues to function but the license
agreement is violated.
%n%nThe ActiveRoles Self-Service Manager license will expire in %3 days.
%n%nTo purchase a new license for ActiveRoles Self-Service Manager, please send an e-mail to
sales@quest.com or contact your local sales office. A sales office directory can be found at
http://www.quest.com/company/contact-us.aspx
.
MessageId=2732 Severity=Error SymbolicName=SSM_LICENSED_NUMBER_EXCEEDED
Language=English
Self-Service Manager license violation: The current number of enabled user accounts in AD (%1) exceeds
the licensed number (%2). ActiveRoles Self-Service Manager continues to function but the license
agreement is violated.
%n%nTo purchase a new license for ActiveRoles Self-Service Manager with a greater number of AD
users, please send an e-mail to sales@quest.com or contact your local sales office. A sales office
directory can be found at http://www.quest.com/company/contact-us.aspx
.
MessageId=2733 Severity=Error SymbolicName=SSM_EXPIRATION_DATE_WARNING
Language=English
The ActiveRoles Self-Service Manager license will expire in %1 days.
%n%nTo purchase a new license for ActiveRoles Self-Service Manager, please send an e-mail to
sales@quest.com or contact your local sales office. A sales office directory can be found at
http://www.quest.com/company/contact-us.aspx
.
MessageId=2734 Severity=Success SymbolicName=EVENT_SSM_LICENSE_INFO
Language=English
ActiveRoles Self-Service Manager license information is retrieved.
%nLicense expires on: %1
%nMaximum allowed number of enabled user accounts: %2
%nTotal number of enabled user accounts in all managed domains: %3
%nInformation collected from these managed domains: %4
.
MessageId=2735 Severity=Success SymbolicName=EVENT_SSM_LICENSE_INFO_INSTALLED
Language=English
ActiveRoles Self-Service Manager license is successfully installed.
.
MessageId=2736 Severity=Error SymbolicName=EVENT_SSM_LICENSE_INSTALL_FAILED
Language=English
Failed to install ActiveRoles Self-Service Manager license.
%nDetails: %1
.
MessageId=2737 Severity=Warning SymbolicName=EVENT_SSM_LICENSE_SYSTEM_FAILURE
Language=English
ActiveRoles Self-Service Manager licensing error.
%nDetails: %1
.
MessageId=2738 Severity=Error SymbolicName=EVENT_MH_DATABASE_CONNECTION_LOST
Language=English
Connection to database has been lost.
%n%nActiveRoles Server Administration Service has lost connection to Management History database.
Administration Service is making attempts to connect to database.
%nDetails: %1
%nDatabase: %2
%nSQL Server: %3
%4 //FailoverPartner: name or address of the partner server to connect to if the primary server is down
%nNext attempt to connect: In %5 minutes or later
%n%nUntil after connection is restored unavailable are all the functions of Administration Service that
require access to Management History database. These include: (1) collecting change history and user
activity related data; (2) retrieving and updating information related to workflow, approval, attestation,
temporal group membership, and deprovisioning tasks.
.
MessageId=2739 Severity=Success SymbolicName=EVENT_MH_DATABASE_CONNECTION_RESTORED
Language=English
Connection to database has been restored.
%n%nActiveRoles Server Administration Service has restored connection to Management History
database.
%nDatabase: %1
%nSQL Server: %2
%3 //FailoverPartner: name or address of the partner server to connect to if the primary server is down
%n%nAll the functions of Administration Service that require access to Management History database
are now available.
.
MessageId=2740 Severity=Success SymbolicName=EVENT_GROUP_MEMBER_REPLICATION_LATENCY
Language=English
Administration Service completed a client's request to change the members list of a universal group.
Members successfully added or removed from the group, but these changes may not be reflected on the
client side until they are replicated by the Active Directory service from the client's operational domain
controller to the Global Catalog servers. This issue is due to the fact that the client's operational domain
controller is not a Global Catalog server.%n
%nGroup changed: %1
%nClient: %2
%nClient's operational domain controller: %3
%nGlobal Catalog server selected by Administration Service: %4
.
MessageId=2741 Severity=Error SymbolicName=UNMANAGED_LICENSED_NUMBER_EXCEEDED
Language=English
ActiveRoles Server license violation: The current number of enabled user accounts (%1) in unmanaged
domain %2 exceeds the licensed number (%3). ActiveRoles Server continues to function but the license
agreement is violated.
%n%nTo purchase a new license for ActiveRoles Server with a greater number of AD users, please send
an e-mail to sales@quest.com or contact your local sales office. A sales office directory can be found at
http://www.quest.com/company/contact-us.aspx
.
MessageId=2742 Severity=Error SymbolicName=SSM_UNMANAGED_LICENSED_NUMBER_EXCEEDED
Language=English
ActiveRoles Self-Service Manager license violation: The current number of enabled user accounts (%1) in
unmanaged domain %2 exceeds the licensed number (%3). ActiveRoles Self-Service Manager continues
to function but the license agreement is violated.
%n%nTo purchase a new license for ActiveRoles Self-Service Manager with a greater number of AD
users, please send an e-mail to sales@quest.com or contact your local sales office. A sales office
directory can be found at http://www.quest.com/company/contact-us.aspx
.
Comparison of Windows Security Log and EDM Server Log events (examples)
This section of the document contains examples of events for some basic operations in Active Directory
such as Create, Update, and Delete.
Security Log Event: A user account was enabled using ADUC.
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 10/25/2011 11:06:31 AM
Event ID: 4722
Task Category: User Account Management
Level: Information
Keywords: Audit Success
User: N/A
Computer: lemondc.lemon.msk.qsft
Description:
A user account was enabled.
Subject:
    Security ID: LEMON\Administrator
    Account Name: Administrator
    Account Domain: LEMON
    Logon ID: 0x3e1342
Target Account:
    Security ID: LEMON\AliceMay1
    Account Name: AliceMay1
    Account Domain: LEMON
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
<EventID>4722</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>13824</Task>
<Opcode>0</Opcode>
<Keywords>0x8020000000000000</Keywords>
<TimeCreated SystemTime="2011-10-25T07:06:31.466875300Z" />
<EventRecordID>69378480</EventRecordID>
<Correlation />
<Execution ProcessID="544" ThreadID="1676" />
<Channel>Security</Channel>
<Computer>lemondc.lemon.msk.qsft</Computer>
<Security />
</System>
<EventData>
<Data Name="TargetUserName">AliceMay1</Data>
<Data Name="TargetDomainName">LEMON</Data>
<Data Name="TargetSid">S-1-5-21-3554251242-1264910074-2838194852-1610</Data>
<Data Name="SubjectUserSid">S-1-5-21-3554251242-1264910074-2838194852-500</Data>
<Data Name="SubjectUserName">Administrator</Data>
<Data Name="SubjectDomainName">LEMON</Data>
<Data Name="SubjectLogonId">0x3e1342</Data>
</EventData>
</Event>
EDM Server Log Event: A user account was enabled using ARS MMC.
Log Name: EDM Server
Source: EDM
Date: 10/25/2011 5:59:21 PM
Event ID: 2692
Task Category: Operation
Level: Information
Keywords: Classic
User: LEMONARS670FIX2\Administrator
Computer: lemonars670fix2.lemon.msk.qsft
Description:
Operation has been successfully performed
Operation ID: 1-15016
Operation GUID: 348e8aae-6aa9-4836-9be1-0cc373d91ee8
Operation: Modify Object
Object name: Ilya Sadikov
Object parent container: lemon.msk.qsft/Atsvetko
Object type: user
Object GUID: 31744c30-467e-417d-a015-f1f8a6e3db52
Initiator: LEMONARS670FIX2\Administrator
Operation reason:
Details:
Attributes:
userAccountControl
66048
edsaAccountIsDisabled
False
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="EDM" />
<EventID Qualifiers="0">2692</EventID>
<Level>4</Level>
<Task>38</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2011-10-25T13:59:21.000000000Z" />
<EventRecordID>434394</EventRecordID>
<Channel>EDM Server</Channel>
<Computer>lemonars670fix2.lemon.msk.qsft</Computer>
<Security UserID="S-1-5-21-1848092012-1926383285-923607351-500" />
</System>
<EventData>
<Data>1-15016</Data>
<Data>348e8aae-6aa9-4836-9be1-0cc373d91ee8</Data>
<Data>Modify Object</Data>
<Data>Ilya Sadikov</Data>
<Data>lemon.msk.qsft/Atsvetko</Data>
<Data>user</Data>
<Data>31744c30-467e-417d-a015-f1f8a6e3db52</Data>
<Data>LEMONARS670FIX2\Administrator</Data>
<Data>
</Data>
<Data>Attributes:
userAccountControl
66048
edsaAccountIsDisabled
False</Data>
</EventData>
</Event>
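Unlike the Security log event, the EDM Server event stores its insertion strings as unnamed `<Data>` elements, so field names have to be recovered from the MessageId=2692 template (%1 to %10). The following Python sketch is an added example, not part of the original document or the product: it maps the strings to the template names for events 2691 to 2693 and decodes the `userAccountControl` value. The function names are hypothetical, the parsing of the `Attributes:` block assumes the layout seen in the samples here, and the flag names are the standard Active Directory ones.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Insertion-string order (%1, %2, ...) copied from the message templates above.
OPERATION_FIELDS = ["Operation ID", "Operation GUID", "Operation", "Object name",
                    "Object parent container", "Object type", "Object GUID",
                    "Initiator", "Operation reason", "Details"]
TEMPLATES = {
    2691: OPERATION_FIELDS,                               # EVENT_OPERATION_REQUESTED
    2692: OPERATION_FIELDS,                               # EVENT_OPERATION_COMPLETED
    2693: ["Operation ID", "Operation GUID", "Details"],  # EVENT_OPERATION_FAILED
}

# Subset of the standard Active Directory userAccountControl bits.
UAC_FLAGS = {0x0002: "ACCOUNTDISABLE", 0x0010: "LOCKOUT", 0x0020: "PASSWD_NOTREQD",
             0x0200: "NORMAL_ACCOUNT", 0x10000: "DONT_EXPIRE_PASSWORD",
             0x80000: "TRUSTED_FOR_DELEGATION", 0x400000: "DONT_REQ_PREAUTH"}

# EDM Server event 2692 from the sample above, abridged (some System children omitted).
SAMPLE_2692 = r"""
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="EDM" />
<EventID Qualifiers="0">2692</EventID>
<TimeCreated SystemTime="2011-10-25T13:59:21.000000000Z" />
<Channel>EDM Server</Channel>
<Computer>lemonars670fix2.lemon.msk.qsft</Computer>
<Security UserID="S-1-5-21-1848092012-1926383285-923607351-500" />
</System>
<EventData>
<Data>1-15016</Data>
<Data>348e8aae-6aa9-4836-9be1-0cc373d91ee8</Data>
<Data>Modify Object</Data>
<Data>Ilya Sadikov</Data>
<Data>lemon.msk.qsft/Atsvetko</Data>
<Data>user</Data>
<Data>31744c30-467e-417d-a015-f1f8a6e3db52</Data>
<Data>LEMONARS670FIX2\Administrator</Data>
<Data>
</Data>
<Data>Attributes:
userAccountControl
66048
edsaAccountIsDisabled
False</Data>
</EventData>
</Event>
"""


def decode_uac(value):
    """Return the names of the known flag bits set in a userAccountControl value."""
    return [name for bit, name in sorted(UAC_FLAGS.items()) if value & bit]


def parse_details_attributes(details):
    """Parse the 'Attributes:' block into {name: value}.

    Assumes names and values alternate line by line, as in the samples in
    this document; any other layout yields an empty dict.
    """
    lines = [ln.strip() for ln in details.splitlines() if ln.strip()]
    if not lines or lines[0] != "Attributes:":
        return {}
    body = lines[1:]
    return dict(zip(body[0::2], body[1::2]))


def parse_edm_event(xml_text):
    """Turn one EDM Server event (XML) into a record with named fields."""
    if "<!DOCTYPE" in xml_text:  # a DTD is not expected here; refuse it
        raise ValueError("unexpected DTD in event XML")
    root = ET.fromstring(xml_text.strip())
    system = root.find("e:System", NS)
    if system.find("e:Provider", NS).get("Name") != "EDM":
        raise ValueError("not an EDM Server event")
    event_id = int(system.findtext("e:EventID", namespaces=NS))
    names = TEMPLATES.get(event_id, [])
    fields = {}
    for i, node in enumerate(root.findall("e:EventData/e:Data", NS)):
        # Unknown event IDs or extra strings keep their positional name (%N).
        key = names[i] if i < len(names) else "%" + str(i + 1)
        fields[key] = (node.text or "").strip()
    security = system.find("e:Security", NS)
    record = {
        "EventID": event_id,
        "TimeCreated": system.find("e:TimeCreated", NS).get("SystemTime"),
        "Computer": system.findtext("e:Computer", namespaces=NS),
        "UserSid": security.get("UserID") if security is not None else None,
        "fields": fields,
        "attributes": parse_details_attributes(fields.get("Details", "")),
    }
    uac = record["attributes"].get("userAccountControl", "")
    if uac.isdigit():
        record["uac_flags"] = decode_uac(int(uac))
        record["account_disabled"] = bool(int(uac) & 0x0002)
    return record


if __name__ == "__main__":
    print(parse_edm_event(SAMPLE_2692))
```

The Operation GUID recovered this way is the same value carried as an insertion string in the temporal group membership and workflow events listed earlier, which makes it a natural join key when normalizing these records.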
Security Log Event: A user account was disabled using ADUC.
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 10/25/2011 3:02:45 PM
Event ID: 4725
Task Category: User Account Management
Level: Information
Keywords: Audit Success
User: N/A
Computer: lemondc.lemon.msk.qsft
Description:
A user account was disabled.
Subject:
    Security ID: LEMON\Administrator
    Account Name: Administrator
    Account Domain: LEMON
    Logon ID: 0x4aa95f
Target Account:
    Security ID: LEMON\AliceMay1
    Account Name: AliceMay1
    Account Domain: LEMON
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
<EventID>4725</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>13824</Task>
<Opcode>0</Opcode>
<Keywords>0x8020000000000000</Keywords>
<TimeCreated SystemTime="2011-10-25T11:02:45.338017600Z" />
<EventRecordID>69396180</EventRecordID>
<Correlation />
<Execution ProcessID="544" ThreadID="1232" />
<Channel>Security</Channel>
<Computer>lemondc.lemon.msk.qsft</Computer>
<Security />
</System>
<EventData>
<Data Name="TargetUserName">AliceMay1</Data>
<Data Name="TargetDomainName">LEMON</Data>
<Data Name="TargetSid">S-1-5-21-3554251242-1264910074-2838194852-1610</Data>
<Data Name="SubjectUserSid">S-1-5-21-3554251242-1264910074-2838194852-500</Data>
<Data Name="SubjectUserName">Administrator</Data>
<Data Name="SubjectDomainName">LEMON</Data>
<Data Name="SubjectLogonId">0x4aa95f</Data>
</EventData>
</Event>
EDM Server Log Event: A user account was disabled using ARS MMC.
Log Name: EDM Server
Source: EDM
Date: 10/25/2011 5:06:43 PM
Event ID: 2692
Task Category: Operation
Level: Information
Keywords: Classic
User: LEMONARS670FIX2\Administrator
Computer: lemonars670fix2.lemon.msk.qsft
Description:
Operation has been successfully performed
Operation ID: 1-15006
Operation GUID: 2a362a49-bab0-4838-a83a-6e7ec17fe4a6
Operation: Modify Object
Object name: Alice May
Object parent container: lemon.msk.qsft/Atsvetko
Object type: user
Object GUID: dcb269ff-e1a8-4587-b871-e66369583efa
Initiator: LEMONARS670FIX2\Administrator
Operation reason:
Details:
Attributes:
userAccountControl
514
edsaAccountIsDisabled
True
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="EDM" />
<EventID Qualifiers="0">2692</EventID>
<Level>4</Level>
<Task>38</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2011-10-25T13:06:43.000000000Z" />
<EventRecordID>434282</EventRecordID>
<Channel>EDM Server</Channel>
<Computer>lemonars670fix2.lemon.msk.qsft</Computer>
<Security UserID="S-1-5-21-1848092012-1926383285-923607351-500" />
</System>
<EventData>
<Data>1-15006</Data>
<Data>2a362a49-bab0-4838-a83a-6e7ec17fe4a6</Data>
<Data>Modify Object</Data>
<Data>Alice May</Data>
<Data>lemon.msk.qsft/Atsvetko</Data>
<Data>user</Data>
<Data>dcb269ff-e1a8-4587-b871-e66369583efa</Data>
<Data>LEMONARS670FIX2\Administrator</Data>
<Data>
</Data>
<Data>Attributes:
userAccountControl
514
edsaAccountIsDisabled
True</Data>
</EventData>
</Event>
Security Log Event: A member was added to a security-enabled global group using ADUC.
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 10/25/2011 2:52:22 PM
Event ID: 4728
Task Category: Security Group Management
Level: Information
Keywords: Audit Success
User: N/A
Computer: lemondc.lemon.msk.qsft
Description:
A member was added to a security-enabled global group.
Subject:
Security ID: LEMON\Administrator
Account Name: Administrator
Account Domain: LEMON
Logon ID: 0x4a2f18
Member:
Security ID: LEMON\AliceMay1
Account Name: CN=Alice May,OU=Atsvetko,DC=lemon,DC=msk,DC=qsft
Group:
Security ID: LEMON\Lorando
Group Name: Lorando
Group Domain: LEMON
Additional Information:
Privileges: -
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
<EventID>4728</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>13826</Task>
<Opcode>0</Opcode>
<Keywords>0x8020000000000000</Keywords>
<TimeCreated SystemTime="2011-10-25T10:52:22.715964500Z" />
<EventRecordID>69395342</EventRecordID>
<Correlation />
<Execution ProcessID="544" ThreadID="1232" />
<Channel>Security</Channel>
<Computer>lemondc.lemon.msk.qsft</Computer>
<Security />
</System>
<EventData>
<Data Name="MemberName">CN=Alice May,OU=Atsvetko,DC=lemon,DC=msk,DC=qsft</Data>
<Data Name="MemberSid">S-1-5-21-3554251242-1264910074-2838194852-1610</Data>
<Data Name="TargetUserName">Lorando</Data>
<Data Name="TargetDomainName">LEMON</Data>
<Data Name="TargetSid">S-1-5-21-3554251242-1264910074-2838194852-1609</Data>
<Data Name="SubjectUserSid">S-1-5-21-3554251242-1264910074-2838194852-500</Data>
<Data Name="SubjectUserName">Administrator</Data>
<Data Name="SubjectDomainName">LEMON</Data>
<Data Name="SubjectLogonId">0x4a2f18</Data>
<Data Name="PrivilegeList">-</Data>
</EventData>
</Event>
EDM Server Log Event: A member was added to a security-enabled global group using ARS MMC.
Log Name: EDM Server
Source: EDM
Date: 10/25/2011 5:10:36 PM
Event ID: 2692
Task Category: Operation
Level: Information
Keywords: Classic
User: LEMONARS670FIX2\Administrator
Computer: lemonars670fix2.lemon.msk.qsft
Description:
Operation has been successfully performed
Operation ID: 1-15009
Operation GUID: 179da28a-a756-4e0a-815d-c6c2e9e00888
Operation: Modify Object
Object name: Finance.Management
Object parent container: lemon.msk.qsft/Atsvetko
Object type: group
Object GUID: 0d327fde-9624-4773-b485-002d9e30797f
Initiator: LEMONARS670FIX2\Administrator
Operation reason:
Details:
Attributes:
member (append)
CN=Alice May,OU=Atsvetko,DC=lemon,DC=msk,DC=qsft
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="EDM" />
<EventID Qualifiers="0">2692</EventID>
<Level>4</Level>
<Task>38</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2011-10-25T13:10:36.000000000Z" />
<EventRecordID>434324</EventRecordID>
<Channel>EDM Server</Channel>
<Computer>lemonars670fix2.lemon.msk.qsft</Computer>
<Security UserID="S-1-5-21-1848092012-1926383285-923607351-500" />
</System>
<EventData>
<Data>1-15009</Data>
<Data>179da28a-a756-4e0a-815d-c6c2e9e00888</Data>
<Data>Modify Object</Data>
<Data>Finance.Management</Data>
<Data>lemon.msk.qsft/Atsvetko</Data>
<Data>group</Data>
<Data>0d327fde-9624-4773-b485-002d9e30797f</Data>
<Data>LEMONARS670FIX2\Administrator</Data>
<Data>
</Data>
<Data>Attributes:
member (append)
CN=Alice May,OU=Atsvetko,DC=lemon,DC=msk,DC=qsft</Data>
</EventData>
</Event>
Security Log Event: Password reset using ADUC
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 10/25/2011 3:04:46 PM
Event ID: 4724
Task Category: User Account Management
Level: Information
Keywords: Audit Success
User: N/A
Computer: lemondc.lemon.msk.qsft
Description:
An attempt was made to reset an account's password.
Subject:
Security ID: LEMON\Administrator
Account Name: Administrator
Account Domain: LEMON
Logon ID: 0x4ab1e4
Target Account:
Security ID: LEMON\AliceMay1
Account Name: AliceMay1
Account Domain: LEMON
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
<EventID>4724</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>13824</Task>
<Opcode>0</Opcode>
<Keywords>0x8020000000000000</Keywords>
<TimeCreated SystemTime="2011-10-25T11:04:46.935930300Z" />
<EventRecordID>69396362</EventRecordID>
<Correlation />
<Execution ProcessID="544" ThreadID="1836" />
<Channel>Security</Channel>
<Computer>lemondc.lemon.msk.qsft</Computer>
<Security />
</System>
<EventData>
<Data Name="TargetUserName">AliceMay1</Data>
<Data Name="TargetDomainName">LEMON</Data>
<Data Name="TargetSid">S-1-5-21-3554251242-1264910074-2838194852-1610</Data>
<Data Name="SubjectUserSid">S-1-5-21-3554251242-1264910074-2838194852-500</Data>
<Data Name="SubjectUserName">Administrator</Data>
<Data Name="SubjectDomainName">LEMON</Data>
<Data Name="SubjectLogonId">0x4ab1e4</Data>
</EventData>
</Event>
EDM Server Log Event: Password reset using ARS MMC
Log Name: EDM Server
Source: EDM
Date: 10/25/2011 5:12:56 PM
Event ID: 2692
Task Category: Operation
Level: Information
Keywords: Classic
User: LEMONARS670FIX2\Administrator
Computer: lemonars670fix2.lemon.msk.qsft
Description:
Operation has been successfully performed
Operation ID: 1-15010
Operation GUID: ed555887-c865-4fa1-bc4e-d52a416f0969
Operation: Modify Object
Object name: Alice May
Object parent container: lemon.msk.qsft/Atsvetko
Object type: user
Object GUID: dcb269ff-e1a8-4587-b871-e66369583efa
Initiator: LEMONARS670FIX2\Administrator
Operation reason:
Details:
Attributes:
edsaPassword
********
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="EDM" />
<EventID Qualifiers="0">2692</EventID>
<Level>4</Level>
<Task>38</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2011-10-25T13:12:56.000000000Z" />
<EventRecordID>434328</EventRecordID>
<Channel>EDM Server</Channel>
<Computer>lemonars670fix2.lemon.msk.qsft</Computer>
<Security UserID="S-1-5-21-1848092012-1926383285-923607351-500" />
</System>
<EventData>
<Data>1-15010</Data>
<Data>ed555887-c865-4fa1-bc4e-d52a416f0969</Data>
<Data>Modify Object</Data>
<Data>Alice May</Data>
<Data>lemon.msk.qsft/Atsvetko</Data>
<Data>user</Data>
<Data>dcb269ff-e1a8-4587-b871-e66369583efa</Data>
<Data>LEMONARS670FIX2\Administrator</Data>
<Data>
</Data>
<Data>Attributes:
edsaPassword
********</Data>
</EventData>
</Event>
Security Log Event: A user account was changed using ADUC (Home Directory attribute).
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 10/25/2011 3:09:52 PM
Event ID: 4738
Task Category: User Account Management
Level: Information
Keywords: Audit Success
User: N/A
Computer: lemondc.lemon.msk.qsft
Description:
A user account was changed.
Subject:
Security ID: LEMON\Administrator
Account Name: Administrator
Account Domain: LEMON
Logon ID: 0x4aebc3
Target Account:
Security ID: LEMON\AliceMay1
Account Name: AliceMay1
Account Domain: LEMON
Changed Attributes:
SAM Account Name: -
Display Name: -
User Principal Name: -
Home Directory: C:\Share\AliceMay1
Home Drive: -
Script Path: -
Profile Path: -
User Workstations: -
Password Last Set: -
Account Expires: -
Primary Group ID: -
AllowedToDelegateTo: -
Old UAC Value: -
New UAC Value: -
User Account Control: -
User Parameters: -
SID History: -
Logon Hours: -
Additional Information:
Privileges: -
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
<EventID>4738</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>13824</Task>
<Opcode>0</Opcode>
<Keywords>0x8020000000000000</Keywords>
<TimeCreated SystemTime="2011-10-25T11:09:52.152580700Z" />
<EventRecordID>69396802</EventRecordID>
<Correlation />
<Execution ProcessID="544" ThreadID="1232" />
<Channel>Security</Channel>
<Computer>lemondc.lemon.msk.qsft</Computer>
<Security />
</System>
<EventData>
<Data Name="Dummy">-</Data>
<Data Name="TargetUserName">AliceMay1</Data>
<Data Name="TargetDomainName">LEMON</Data>
<Data Name="TargetSid">S-1-5-21-3554251242-1264910074-2838194852-1610</Data>
<Data Name="SubjectUserSid">S-1-5-21-3554251242-1264910074-2838194852-500</Data>
<Data Name="SubjectUserName">Administrator</Data>
<Data Name="SubjectDomainName">LEMON</Data>
<Data Name="SubjectLogonId">0x4aebc3</Data>
<Data Name="PrivilegeList">-</Data>
<Data Name="SamAccountName">-</Data>
<Data Name="DisplayName">-</Data>
<Data Name="UserPrincipalName">-</Data>
<Data Name="HomeDirectory">C:\Share\AliceMay1</Data>
<Data Name="HomePath">-</Data>
<Data Name="ScriptPath">-</Data>
<Data Name="ProfilePath">-</Data>
<Data Name="UserWorkstations">-</Data>
<Data Name="PasswordLastSet">-</Data>
<Data Name="AccountExpires">-</Data>
<Data Name="PrimaryGroupId">-</Data>
<Data Name="AllowedToDelegateTo">-</Data>
<Data Name="OldUacValue">-</Data>
<Data Name="NewUacValue">-</Data>
<Data Name="UserAccountControl">-</Data>
<Data Name="UserParameters">-</Data>
<Data Name="SidHistory">-</Data>
<Data Name="LogonHours">-</Data>
</EventData>
</Event>
EDM Server Log Event: A user account was changed using ARS MMC (Home Directory attribute).
Log Name: EDM Server
Source: EDM
Date: 10/25/2011 5:15:04 PM
Event ID: 2692
Task Category: Operation
Level: Information
Keywords: Classic
User: LEMONARS670FIX2\Administrator
Computer: lemonars670fix2.lemon.msk.qsft
Description:
Operation has been successfully performed
Operation ID: 1-15011
Operation GUID: 8af5518f-5bdc-4c8e-8d7a-42a1a1fbfbdd
Operation: Modify Object
Object name: Alice May
Object parent container: lemon.msk.qsft/Atsvetko
Object type: user
Object GUID: dcb269ff-e1a8-4587-b871-e66369583efa
Initiator: LEMONARS670FIX2\Administrator
Operation reason:
Details:
Attributes:
homeDirectory
C:\Share2\AliceMay1
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="EDM" />
<EventID Qualifiers="0">2692</EventID>
<Level>4</Level>
<Task>38</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2011-10-25T13:15:04.000000000Z" />
<EventRecordID>434332</EventRecordID>
<Channel>EDM Server</Channel>
<Computer>lemonars670fix2.lemon.msk.qsft</Computer>
<Security UserID="S-1-5-21-1848092012-1926383285-923607351-500" />
</System>
<EventData>
<Data>1-15011</Data>
<Data>8af5518f-5bdc-4c8e-8d7a-42a1a1fbfbdd</Data>
<Data>Modify Object</Data>
<Data>Alice May</Data>
<Data>lemon.msk.qsft/Atsvetko</Data>
<Data>user</Data>
<Data>dcb269ff-e1a8-4587-b871-e66369583efa</Data>
<Data>LEMONARS670FIX2\Administrator</Data>
<Data>
</Data>
<Data>Attributes:
homeDirectory
C:\Share2\AliceMay1</Data>
</EventData>
</Event>
Security Log Event: A user account was created using ADUC.
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 10/24/2011 6:06:49 PM
Event ID: 4720
Task Category: User Account Management
Level: Information
Keywords: Audit Success
User: N/A
Computer: lemondc.lemon.msk.qsft
Description:
A user account was created.
Subject:
Security ID: LEMON\Administrator
Account Name: Administrator
Account Domain: LEMON
Logon ID: 0xb3fe6
New Account:
Security ID: LEMON\AlexeyKaramazov
Account Name: AlexeyKaramazov
Account Domain: LEMON
Attributes:
SAM Account Name: AlexeyKaramazov
Display Name: Alexey Karamazov
User Principal Name: AlexeyKaramazov@lemon.msk.qsft
Home Directory: -
Home Drive: -
Script Path: -
Profile Path: -
User Workstations: lastr
Password Last Set: <never>
Account Expires: <never>
Primary Group ID: 513
Allowed To Delegate To: -
Old UAC Value: 0x0
New UAC Value: 0x15
User Account Control:
Account Disabled
'Password Not Required' - Enabled
'Normal Account' - Enabled
User Parameters: -
SID History: -
Logon Hours: <value not set>
Additional Information:
Privileges: -
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
<EventID>4720</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>13824</Task>
<Opcode>0</Opcode>
<Keywords>0x8020000000000000</Keywords>
<TimeCreated SystemTime="2011-10-24T14:06:49.134681400Z" />
<EventRecordID>69301966</EventRecordID>
<Correlation />
<Execution ProcessID="544" ThreadID="1772" />
<Channel>Security</Channel>
<Computer>lemondc.lemon.msk.qsft</Computer>
<Security />
</System>
<EventData>
<Data Name="TargetUserName">AlexeyKaramazov</Data>
<Data Name="TargetDomainName">LEMON</Data>
<Data Name="TargetSid">S-1-5-21-3554251242-1264910074-2838194852-2221</Data>
<Data Name="SubjectUserSid">S-1-5-21-3554251242-1264910074-2838194852-500</Data>
<Data Name="SubjectUserName">Administrator</Data>
<Data Name="SubjectDomainName">LEMON</Data>
<Data Name="SubjectLogonId">0xb3fe6</Data>
<Data Name="PrivilegeList">-</Data>
<Data Name="SamAccountName">AlexeyKaramazov</Data>
<Data Name="DisplayName">Alexey Karamazov</Data>
<Data Name="UserPrincipalName">AlexeyKaramazov@lemon.msk.qsft</Data>
<Data Name="HomeDirectory">-</Data>
<Data Name="HomePath">-</Data>
<Data Name="ScriptPath">-</Data>
<Data Name="ProfilePath">-</Data>
<Data Name="UserWorkstations">lastr</Data>
<Data Name="PasswordLastSet">%%1794</Data>
<Data Name="AccountExpires">%%1794</Data>
<Data Name="PrimaryGroupId">513</Data>
<Data Name="AllowedToDelegateTo">-</Data>
<Data Name="OldUacValue">0x0</Data>
<Data Name="NewUacValue">0x15</Data>
<Data Name="UserAccountControl">
%%2080
%%2082
%%2084</Data>
<Data Name="UserParameters">-</Data>
<Data Name="SidHistory">-</Data>
<Data Name="LogonHours">%%1793</Data>
</EventData>
</Event>
EDM Server Log Event: A user account was created using ARS MMC.
Log Name: EDM Server
Source: EDM
Date: 10/25/2011 5:19:38 PM
Event ID: 2692
Task Category: Operation
Level: Information
Keywords: Classic
User: LEMONARS670FIX2\Administrator
Computer: lemonars670fix2.lemon.msk.qsft
Description:
Operation has been successfully performed
Operation ID: 1-15013
Operation GUID: 838a7256-8d45-40fb-a983-d8ae92a24cd7
Operation: Delete Object
Object name: Rodion Raskolnikov
Object parent container: lemon.msk.qsft/Atsvetko
Object type: user
Object GUID: c3a94a7a-2c2d-420d-ba9f-80aa7d69fa5d
Initiator: LEMONARS670FIX2\Administrator
Operation reason:
Details:
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="EDM" />
<EventID Qualifiers="0">2692</EventID>
<Level>4</Level>
<Task>38</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2011-10-25T13:19:38.000000000Z" />
<EventRecordID>434360</EventRecordID>
<Channel>EDM Server</Channel>
<Computer>lemonars670fix2.lemon.msk.qsft</Computer>
<Security UserID="S-1-5-21-1848092012-1926383285-923607351-500" />
</System>
<EventData>
<Data>1-15013</Data>
<Data>838a7256-8d45-40fb-a983-d8ae92a24cd7</Data>
<Data>Delete Object</Data>
<Data>Rodion Raskolnikov</Data>
<Data>lemon.msk.qsft/Atsvetko</Data>
<Data>user</Data>
<Data>c3a94a7a-2c2d-420d-ba9f-80aa7d69fa5d</Data>
<Data>LEMONARS670FIX2\Administrator</Data>
<Data>
</Data>
<Data>
</Data>
</EventData>
</Event>
Security Log Event: A user account was deleted using ADUC.
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 10/25/2011 3:32:38 PM
Event ID: 4726
Task Category: User Account Management
Level: Information
Keywords: Audit Success
User: N/A
Computer: lemondc.lemon.msk.qsft
Description:
A user account was deleted.
Subject:
Security ID: LEMON\Administrator
Account Name: Administrator
Account Domain: LEMON
Logon ID: 0x4c178d
Target Account:
Security ID: S-1-5-21-3554251242-1264910074-2838194852-2225
Account Name: JessicaTunes
Account Domain: LEMON
Additional Information:
Privileges: -
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
<EventID>4726</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>13824</Task>
<Opcode>0</Opcode>
<Keywords>0x8020000000000000</Keywords>
<TimeCreated SystemTime="2011-10-25T11:32:38.647177100Z" />
<EventRecordID>69398947</EventRecordID>
<Correlation />
<Execution ProcessID="544" ThreadID="1164" />
<Channel>Security</Channel>
<Computer>lemondc.lemon.msk.qsft</Computer>
<Security />
</System>
<EventData>
<Data Name="TargetUserName">JessicaTunes</Data>
<Data Name="TargetDomainName">LEMON</Data>
<Data Name="TargetSid">S-1-5-21-3554251242-1264910074-2838194852-2225</Data>
<Data Name="SubjectUserSid">S-1-5-21-3554251242-1264910074-2838194852-500</Data>
<Data Name="SubjectUserName">Administrator</Data>
<Data Name="SubjectDomainName">LEMON</Data>
<Data Name="SubjectLogonId">0x4c178d</Data>
<Data Name="PrivilegeList">-</Data>
</EventData>
</Event>
EDM Server Log Event: A user account was deleted using ARS MMC.
Log Name: EDM Server
Source: EDM
Date: 10/25/2011 5:19:38 PM
Event ID: 2692
Task Category: Operation
Level: Information
Keywords: Classic
User: LEMONARS670FIX2\Administrator
Computer: lemonars670fix2.lemon.msk.qsft
Description:
Operation has been successfully performed
Operation ID: 1-15013
Operation GUID: 838a7256-8d45-40fb-a983-d8ae92a24cd7
Operation: Delete Object
Object name: Rodion Raskolnikov
Object parent container: lemon.msk.qsft/Atsvetko
Object type: user
Object GUID: c3a94a7a-2c2d-420d-ba9f-80aa7d69fa5d
Initiator: LEMONARS670FIX2\Administrator
Operation reason:
Details:
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="EDM" />
<EventID Qualifiers="0">2692</EventID>
<Level>4</Level>
<Task>38</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2011-10-25T13:19:38.000000000Z" />
<EventRecordID>434360</EventRecordID>
<Channel>EDM Server</Channel>
<Computer>lemonars670fix2.lemon.msk.qsft</Computer>
<Security UserID="S-1-5-21-1848092012-1926383285-923607351-500" />
</System>
<EventData>
<Data>1-15013</Data>
<Data>838a7256-8d45-40fb-a983-d8ae92a24cd7</Data>
<Data>Delete Object</Data>
<Data>Rodion Raskolnikov</Data>
<Data>lemon.msk.qsft/Atsvetko</Data>
<Data>user</Data>
<Data>c3a94a7a-2c2d-420d-ba9f-80aa7d69fa5d</Data>
<Data>LEMONARS670FIX2\Administrator</Data>
<Data>
</Data>
<Data>
</Data>
</EventData>
</Event>
Security Log Event: A user account was created using the New-ADUser cmdlet.
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 10/28/2011 4:53:36 PM
Event ID: 4720
Task Category: User Account Management
Level: Information
Keywords: Audit Success
User: N/A
Computer: lemondc.lemon.msk.qsft
Description:
A user account was created.
Subject:
Security ID: LEMON\Administrator
Account Name: Administrator
Account Domain: LEMON
Logon ID: 0x189d639
New Account:
Security ID: LEMON\Jadzia Dax
Account Name: Jadzia Dax
Account Domain: LEMON
Attributes:
SAM Account Name: Jadzia Dax
Display Name: -
User Principal Name: -
Home Directory: -
Home Drive: -
Script Path: -
Profile Path: -
User Workstations: -
Password Last Set: <never>
Account Expires: <never>
Primary Group ID: 513
Allowed To Delegate To: -
Old UAC Value: 0x0
New UAC Value: 0x11
User Account Control:
Account Disabled
'Normal Account' - Enabled
User Parameters: -
SID History: -
Logon Hours: <value not set>
Additional Information:
Privileges: -
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
<EventID>4720</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>13824</Task>
<Opcode>0</Opcode>
<Keywords>0x8020000000000000</Keywords>
<TimeCreated SystemTime="2011-10-28T12:53:36.202384500Z" />
<EventRecordID>70031207</EventRecordID>
<Correlation />
<Execution ProcessID="544" ThreadID="1232" />
<Channel>Security</Channel>
<Computer>lemondc.lemon.msk.qsft</Computer>
<Security />
</System>
<EventData>
<Data Name="TargetUserName">Jadzia Dax</Data>
<Data Name="TargetDomainName">LEMON</Data>
<Data Name="TargetSid">S-1-5-21-3554251242-1264910074-2838194852-2236</Data>
<Data Name="SubjectUserSid">S-1-5-21-3554251242-1264910074-2838194852-500</Data>
<Data Name="SubjectUserName">Administrator</Data>
<Data Name="SubjectDomainName">LEMON</Data>
<Data Name="SubjectLogonId">0x189d639</Data>
<Data Name="PrivilegeList">-</Data>
<Data Name="SamAccountName">Jadzia Dax</Data>
<Data Name="DisplayName">-</Data>
<Data Name="UserPrincipalName">-</Data>
<Data Name="HomeDirectory">-</Data>
<Data Name="HomePath">-</Data>
<Data Name="ScriptPath">-</Data>
<Data Name="ProfilePath">-</Data>
<Data Name="UserWorkstations">-</Data>
<Data Name="PasswordLastSet">%%1794</Data>
<Data Name="AccountExpires">%%1794</Data>
<Data Name="PrimaryGroupId">513</Data>
<Data Name="AllowedToDelegateTo">-</Data>
<Data Name="OldUacValue">0x0</Data>
<Data Name="NewUacValue">0x11</Data>
<Data Name="UserAccountControl">
%%2080
%%2084</Data>
<Data Name="UserParameters">-</Data>
<Data Name="SidHistory">-</Data>
<Data Name="LogonHours">%%1793</Data>
</EventData>
</Event>
EDM Server Log Event: A user account was created using New-QADUser in proxy mode.
Log Name: EDM Server
Source: EDM
Date: 10/28/2011 5:17:33 PM
Event ID: 2692
Task Category: Operation
Level: Information
Keywords: Classic
User: LEMONARS670FIX2\Administrator
Computer: lemonars670fix2.lemon.msk.qsft
Description:
Operation has been successfully performed
Operation ID: 1-15598
Operation GUID: 221058ec-f248-4b34-953e-e053150befc5
Operation: Create Object
Object name: Julian Bashir
Object parent container: lemon.msk.qsft/Moscow
Object type: user
Object GUID: 67bd2c7c-a6c0-45b1-91ac-9998a63978c3
Initiator: LEMONARS670FIX2\Administrator
Operation reason:
Details:
Attributes:
objectClass
user
sAMAccountName
0275de184c
displayName
Julian Bashir
objectSid
01-05-00-00-00-00-00-05-15-00-00-00-EA-91-D9-D3-FA-FE-64-4B-A4-6A-2B-A9-BD-08-00-00
userAccountControl
546
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="EDM" />
<EventID Qualifiers="0">2692</EventID>
<Level>4</Level>
<Task>38</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2011-10-28T13:17:33.000000000Z" />
<EventRecordID>443831</EventRecordID>
<Channel>EDM Server</Channel>
<Computer>lemonars670fix2.lemon.msk.qsft</Computer>
<Security UserID="S-1-5-21-1848092012-1926383285-923607351-500" />
</System>
<EventData>
<Data>1-15598</Data>
<Data>221058ec-f248-4b34-953e-e053150befc5</Data>
<Data>Create Object</Data>
<Data>Julian Bashir</Data>
<Data>lemon.msk.qsft/Moscow</Data>
<Data>user</Data>
<Data>67bd2c7c-a6c0-45b1-91ac-9998a63978c3</Data>
<Data>LEMONARS670FIX2\Administrator</Data>
<Data>
</Data>
<Data>Attributes:
objectClass
user
sAMAccountName
0275de184c
displayName
Julian Bashir
objectSid
01-05-00-00-00-00-00-05-15-00-00-00-EA-91-D9-D3-FA-FE-64-4B-A4-6A-2B-A9-BD-08-00-00
userAccountControl
546</Data>
</EventData>
</Event>
Security Log Event: A user account was changed using Set-ADUser cmdlets (Description, City).
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 10/28/2011 4:48:40 PM
Event ID: 4738
Task Category: User Account Management
Level: Information
Keywords: Audit Success
User: N/A
Computer: lemondc.lemon.msk.qsft
Description:
A user account was changed.
Subject:
Security ID: LEMON\Administrator
Account Name: Administrator
Account Domain: LEMON
Logon ID: 0x189d639
Target Account:
Security ID: LEMON\Miles O'Brien
Account Name: Miles O'Brien
Account Domain: LEMON
Changed Attributes:
SAM Account Name: -
Display Name: -
User Principal Name: -
Home Directory: -
Home Drive: -
Script Path: -
Profile Path: -
User Workstations: -
Password Last Set: -
Account Expires: -
Primary Group ID: -
AllowedToDelegateTo: -
Old UAC Value: -
New UAC Value: -
User Account Control: -
User Parameters: -
SID History: -
Logon Hours: -
Additional Information:
Privileges: -
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
<EventID>4738</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>13824</Task>
<Opcode>0</Opcode>
<Keywords>0x8020000000000000</Keywords>
<TimeCreated SystemTime="2011-10-28T12:48:40.841397400Z" />
<EventRecordID>70030610</EventRecordID>
<Correlation />
<Execution ProcessID="544" ThreadID="1676" />
<Channel>Security</Channel>
<Computer>lemondc.lemon.msk.qsft</Computer>
<Security />
</System>
<EventData>
<Data Name="Dummy">-</Data>
<Data Name="TargetUserName">Miles O'Brien</Data>
<Data Name="TargetDomainName">LEMON</Data>
<Data Name="TargetSid">S-1-5-21-3554251242-1264910074-2838194852-2235</Data>
<Data Name="SubjectUserSid">S-1-5-21-3554251242-1264910074-2838194852-500</Data>
<Data Name="SubjectUserName">Administrator</Data>
<Data Name="SubjectDomainName">LEMON</Data>
<Data Name="SubjectLogonId">0x189d639</Data>
<Data Name="PrivilegeList">-</Data>
<Data Name="SamAccountName">-</Data>
<Data Name="DisplayName">-</Data>
<Data Name="UserPrincipalName">-</Data>
<Data Name="HomeDirectory">-</Data>
<Data Name="HomePath">-</Data>
<Data Name="ScriptPath">-</Data>
<Data Name="ProfilePath">-</Data>
<Data Name="UserWorkstations">-</Data>
<Data Name="PasswordLastSet">-</Data>
<Data Name="AccountExpires">-</Data>
<Data Name="PrimaryGroupId">-</Data>
<Data Name="AllowedToDelegateTo">-</Data>
<Data Name="OldUacValue">-</Data>
<Data Name="NewUacValue">-</Data>
<Data Name="UserAccountControl">-</Data>
<Data Name="UserParameters">-</Data>
<Data Name="SidHistory">-</Data>
<Data Name="LogonHours">-</Data>
</EventData>
</Event>
EDM Server Log Event: A user account was changed using Set-QADUser cmdlet in proxy mode (City, Description).
Log Name: EDM Server
Source: EDM
Date: 10/28/2011 5:24:59 PM
Event ID: 2692
Task Category: Operation
Level: Information
Keywords: Classic
User: LEMONARS670FIX2\Administrator
Computer: lemonars670fix2.lemon.msk.qsft
Description:
Operation has been successfully performed
Operation ID: 1-15603
Operation GUID: 57da1164-a8f8-408f-b4da-4e3cdc4ab4e2
Operation: Modify Object
Object name: Julian Bashir
Object parent container: lemon.msk.qsft/Moscow
Object type: user
Object GUID: 67bd2c7c-a6c0-45b1-91ac-9998a63978c3
Initiator: LEMONARS670FIX2\Administrator
Operation reason:
Details:
Attributes:
department
Medical
l
Deep Space 9
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="EDM" />
<EventID Qualifiers="0">2692</EventID>
<Level>4</Level>
<Task>38</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2011-10-28T13:24:59.000000000Z" />
<EventRecordID>444010</EventRecordID>
<Channel>EDM Server</Channel>
<Computer>lemonars670fix2.lemon.msk.qsft</Computer>
<Security UserID="S-1-5-21-1848092012-1926383285-923607351-500" />
</System>
<EventData>
<Data>1-15603</Data>
<Data>57da1164-a8f8-408f-b4da-4e3cdc4ab4e2</Data>
<Data>Modify Object</Data>
<Data>Julian Bashir</Data>
<Data>lemon.msk.qsft/Moscow</Data>
<Data>user</Data>
<Data>67bd2c7c-a6c0-45b1-91ac-9998a63978c3</Data>
<Data>LEMONARS670FIX2\Administrator</Data>
<Data>
</Data>
<Data>Attributes:
department
Medical
l
Deep Space 9</Data>
</EventData>
</Event>
Security Log Event: A user account was deleted using Remove-ADUser cmdlet.
Log Name: Security
Source: Microsoft-Windows-Security-Auditing
Date: 10/28/2011 5:11:58 PM
Event ID: 4726
Task Category: User Account Management
Level: Information
Keywords: Audit Success
User: N/A
Computer: lemondc.lemon.msk.qsft
Description:
A user account was deleted.
Subject:
Security ID: LEMON\Administrator
Account Name: Administrator
Account Domain: LEMON
Logon ID: 0x18b2647
Target Account:
Security ID: LEMON\Jadzia Dax
Account Name: Jadzia Dax
Account Domain: LEMON
Additional Information:
Privileges: -
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Security-Auditing" Guid="{54849625-5478-4994-A5BA-3E3B0328C30D}" />
<EventID>4726</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>13824</Task>
<Opcode>0</Opcode>
<Keywords>0x8020000000000000</Keywords>
<TimeCreated SystemTime="2011-10-28T13:11:58.851654900Z" />
<EventRecordID>70033428</EventRecordID>
<Correlation />
<Execution ProcessID="544" ThreadID="1232" />
<Channel>Security</Channel>
<Computer>lemondc.lemon.msk.qsft</Computer>
<Security />
</System>
<EventData>
<Data Name="TargetUserName">Jadzia Dax</Data>
<Data Name="TargetDomainName">LEMON</Data>
<Data Name="TargetSid">S-1-5-21-3554251242-1264910074-2838194852-2236</Data>
<Data Name="SubjectUserSid">S-1-5-21-3554251242-1264910074-2838194852-500</Data>
<Data Name="SubjectUserName">Administrator</Data>
<Data Name="SubjectDomainName">LEMON</Data>
<Data Name="SubjectLogonId">0x18b2647</Data>
<Data Name="PrivilegeList">-</Data>
</EventData>
</Event>
EDM Server Log Event: A user account was deleted using Remove-QADObject in proxy mode.
Log Name: EDM Server
Source: EDM
Date: 10/28/2011 5:36:56 PM
Event ID: 2692
Task Category: Operation
Level: Information
Keywords: Classic
User: LEMONARS670FIX2\Administrator
Computer: lemonars670fix2.lemon.msk.qsft
Description:
Operation has been successfully performed
Operation ID: 1-15605
Operation GUID: c39c7d7f-4e20-4514-b2f0-79c16ebf878a
Operation: Delete Object
Object name: Julian Bashir
Object parent container: lemon.msk.qsft/Moscow
Object type: user
Object GUID: 67bd2c7c-a6c0-45b1-91ac-9998a63978c3
Initiator: LEMONARS670FIX2\Administrator
Operation reason:
Details:
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="EDM" />
<EventID Qualifiers="0">2692</EventID>
<Level>4</Level>
<Task>38</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2011-10-28T13:36:56.000000000Z" />
<EventRecordID>444089</EventRecordID>
<Channel>EDM Server</Channel>
<Computer>lemonars670fix2.lemon.msk.qsft</Computer>
<Security UserID="S-1-5-21-1848092012-1926383285-923607351-500" />
</System>
<EventData>
<Data>1-15605</Data>
<Data>c39c7d7f-4e20-4514-b2f0-79c16ebf878a</Data>
<Data>Delete Object</Data>
<Data>Julian Bashir</Data>
<Data>lemon.msk.qsft/Moscow</Data>
<Data>user</Data>
<Data>67bd2c7c-a6c0-45b1-91ac-9998a63978c3</Data>
<Data>LEMONARS670FIX2\Administrator</Data>
<Data>
</Data>
<Data>
</Data>
</EventData>
</Event>
Examples of Active Roles specific events
Attestation Review started
Log Name: EDM Server
Source: EDM
Date: 10/24/2011 5:40:24 PM
Event ID: 2570
Task Category: AttestationReview
Level: Information
Keywords: Classic
User: LEMON\Administrator
Computer: lemonars670fix2.lemon.msk.qsft
Description:
Attestation Review started
Configuration: Access to financial reports
Start time and date: 10/24/2011 1:40:21 PM
Duration (days): 7
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="EDM" />
<EventID Qualifiers="0">2570</EventID>
<Level>4</Level>
<Task>33</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2011-10-24T13:40:24.000000000Z" />
<EventRecordID>433055</EventRecordID>
<Channel>EDM Server</Channel>
<Computer>lemonars670fix2.lemon.msk.qsft</Computer>
<Security UserID="S-1-5-21-3554251242-1264910074-2838194852-500" />
</System>
<EventData>
<Data>Access to financial reports</Data>
<Data>10/24/2011 1:40:21 PM</Data>
<Data>7</Data>
</EventData>
</Event>
Workflow instance has been successfully completed
Log Name: EDM Server
Source: EDM
Date: 10/6/2011 7:58:09 PM
Event ID: 2702
Task Category: Workflow
Level: Information
Keywords: Classic
User: LEMON\Spock
Computer: lemonars670fix2.lemon.msk.qsft
Description:
Workflow instance has been successfully completed.
Workflow name: hgjhm
Workflow GUID: 803016e2-5dd9-44fd-acb0-bc0e66808dc4
Workflow instance GUID: dff47bf0-c702-4245-a7d4-75a53a253f1d
Operation ID: 1-14001
Operation GUID: 05296d01-6542-4c58-8ba7-accc263e5f5e
Operation: Create Object
Object name: qwerqwe
Object parent container: lemon.msk.qsft/Atsvetko
Object type: user
Object GUID:
Initiator: LEMON\Spock
Workflow instance has been started.
Log Name: EDM Server
Source: EDM
Date: 10/24/2011 5:23:14 PM
Event ID: 2701
Task Category: Workflow
Level: Information
Keywords: Classic
User: LEMONARS670FIX2\Administrator
Computer: lemonars670fix2.lemon.msk.qsft
Description:
Workflow instance has been started.
Workflow name: Group Membership Approval
Workflow GUID: 05b753fb-109d-4b0f-8aee-1bf32391cc2c
Workflow instance GUID: e3d22ed8-93cf-49e9-bb5c-6e994b60f90e
Operation ID: 1-14895
Operation GUID: e86a85bd-29d3-4049-b551-283af6cab040
Operation: Modify Object
Object name: FinancialReports
Object parent container: lemon.msk.qsft/Atsvetko
Object type: group
Object GUID: d24fb049-400c-403f-a489-ab8e8fb80acd
Initiator: LEMONARS670FIX2\Administrator
Operation reason:
Details:
Attributes:
member (append)
CN=John Smith,OU=BPOS Connector,OU=SKolpakov,DC=lemon,DC=msk,DC=qsft
CN=Bill Clinton,OU=BPOS Connector,OU=SKolpakov,DC=lemon,DC=msk,DC=qsft
CN=George Bush,OU=BPOS Connector,OU=SKolpakov,DC=lemon,DC=msk,DC=qsft
CN=Barak Obama,OU=BPOS Connector,OU=SKolpakov,DC=lemon,DC=msk,DC=qsft
CN=Elena Lisova,DC=lemon,DC=msk,DC=qsft
CN=Luba Kolina,DC=lemon,DC=msk,DC=qsft
CN=Lorak Currey,OU=qax,OU=SKolpakov,DC=lemon,DC=msk,DC=qsft
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="EDM" />
<EventID Qualifiers="0">2701</EventID>
<Level>4</Level>
<Task>36</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2011-10-24T13:23:14.000000000Z" />
<EventRecordID>432864</EventRecordID>
<Channel>EDM Server</Channel>
<Computer>lemonars670fix2.lemon.msk.qsft</Computer>
<Security UserID="S-1-5-21-1848092012-1926383285-923607351-500" />
</System>
<EventData>
<Data>Group Membership Approval</Data>
<Data>05b753fb-109d-4b0f-8aee-1bf32391cc2c</Data>
<Data>e3d22ed8-93cf-49e9-bb5c-6e994b60f90e</Data>
<Data>1-14895</Data>
<Data>e86a85bd-29d3-4049-b551-283af6cab040</Data>
<Data>Modify Object</Data>
<Data>FinancialReports</Data>
<Data>lemon.msk.qsft/Atsvetko</Data>
<Data>group</Data>
<Data>d24fb049-400c-403f-a489-ab8e8fb80acd</Data>
<Data>LEMONARS670FIX2\Administrator</Data>
<Data>
</Data>
<Data>Attributes:
member (append)
CN=John Smith,OU=BPOS Connector,OU=SKolpakov,DC=lemon,DC=msk,DC=qsft
CN=Bill Clinton,OU=BPOS Connector,OU=SKolpakov,DC=lemon,DC=msk,DC=qsft
CN=George Bush,OU=BPOS Connector,OU=SKolpakov,DC=lemon,DC=msk,DC=qsft
CN=Barak Obama,OU=BPOS Connector,OU=SKolpakov,DC=lemon,DC=msk,DC=qsft
CN=Elena Lisova,DC=lemon,DC=msk,DC=qsft
CN=Luba Kolina,DC=lemon,DC=msk,DC=qsft
CN=Lorak Currey,OU=qax,OU=SKolpakov,DC=lemon,DC=msk,DC=qsft</Data>
</EventData>
</Event>
Workflow instance has been successfully completed.
Log Name: EDM Server
Source: EDM
Date: 10/24/2011 5:23:14 PM
Event ID: 2702
Task Category: Workflow
Level: Information
Keywords: Classic
User: LEMONARS670FIX2\Administrator
Computer: lemonars670fix2.lemon.msk.qsft
Description:
Workflow instance has been successfully completed.
Workflow name: Group Membership Approval
Workflow GUID: 05b753fb-109d-4b0f-8aee-1bf32391cc2c
Workflow instance GUID: e3d22ed8-93cf-49e9-bb5c-6e994b60f90e
Operation ID: 1-14895
Operation GUID: e86a85bd-29d3-4049-b551-283af6cab040
Operation: Modify Object
Object name: FinancialReports
Object parent container: lemon.msk.qsft/Atsvetko
Object type: group
Object GUID: d24fb049-400c-403f-a489-ab8e8fb80acd
Initiator: LEMONARS670FIX2\Administrator
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="EDM" />
<EventID Qualifiers="0">2702</EventID>
<Level>4</Level>
<Task>36</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2011-10-24T13:23:14.000000000Z" />
<EventRecordID>432865</EventRecordID>
<Channel>EDM Server</Channel>
<Computer>lemonars670fix2.lemon.msk.qsft</Computer>
<Security UserID="S-1-5-21-1848092012-1926383285-923607351-500" />
</System>
<EventData>
<Data>Group Membership Approval</Data>
<Data>05b753fb-109d-4b0f-8aee-1bf32391cc2c</Data>
<Data>e3d22ed8-93cf-49e9-bb5c-6e994b60f90e</Data>
<Data>1-14895</Data>
<Data>e86a85bd-29d3-4049-b551-283af6cab040</Data>
<Data>Modify Object</Data>
<Data>FinancialReports</Data>
<Data>lemon.msk.qsft/Atsvetko</Data>
<Data>group</Data>
<Data>d24fb049-400c-403f-a489-ab8e8fb80acd</Data>
<Data>LEMONARS670FIX2\Administrator</Data>
</EventData>
</Event>
Execution of workflow instance failed.
Log Name: EDM Server
Source: EDM
Date: 10/24/2011 6:02:03 PM
Event ID: 2703
Task Category: Workflow
Level: Error
Keywords: Classic
User: LEMONARS670FIX2\Administrator
Computer: lemonars670fix2.lemon.msk.qsft
Description:
Execution of workflow instance failed.
Workflow name: Create user Approval
Workflow GUID: 94952881-7337-465b-b10e-b3e6867fa0a6
Workflow instance GUID: ae97da57-15d7-4b4f-a2cc-393a7751e028
Operation ID: 1-14924
Operation GUID: 48120bb8-fd14-4228-8ef1-fe9fbb212cba
Operation: Copy Object
Object name: Katrick Katricka
Object parent container: lemon.msk.qsft/Atsvetko
Object type: user
Object GUID:
Initiator: LEMONARS670FIX2\Administrator
Details: Administration Service encountered an error when creating a copy of the object 'CN=Ray Garcia,OU=Atsvetko,DC=lemon,DC=msk,DC=qsft'.
Creation of this object failed: CN=Katrick Katricka,OU=Atsvetko,DC=lemon,DC=msk,DC=qsft
Administration Service encountered an error when creating the object 'CN=Katrick Katricka,OU=Atsvetko,DC=lemon,DC=msk,DC=qsft'.
Value does not fall within the expected range.
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="EDM" />
<EventID Qualifiers="49152">2703</EventID>
<Level>2</Level>
<Task>36</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2011-10-24T14:02:03.000000000Z" />
<EventRecordID>433132</EventRecordID>
<Channel>EDM Server</Channel>
<Computer>lemonars670fix2.lemon.msk.qsft</Computer>
<Security UserID="S-1-5-21-1848092012-1926383285-923607351-500" />
</System>
<EventData>
<Data>Create user Approval</Data>
<Data>94952881-7337-465b-b10e-b3e6867fa0a6</Data>
<Data>ae97da57-15d7-4b4f-a2cc-393a7751e028</Data>
<Data>1-14924</Data>
<Data>48120bb8-fd14-4228-8ef1-fe9fbb212cba</Data>
<Data>Copy Object</Data>
<Data>Katrick Katricka</Data>
<Data>lemon.msk.qsft/Atsvetko</Data>
<Data>user</Data>
<Data>
</Data>
<Data>LEMONARS670FIX2\Administrator</Data>
<Data>Details: Administration Service encountered an error when creating a copy of the object 'CN=Ray Garcia,OU=Atsvetko,DC=lemon,DC=msk,DC=qsft'.
Creation of this object failed: CN=Katrick Katricka,OU=Atsvetko,DC=lemon,DC=msk,DC=qsft
Administration Service encountered an error when creating the object 'CN=Katrick Katricka,OU=Atsvetko,DC=lemon,DC=msk,DC=qsft'.
Value does not fall within the expected range.</Data>
<Data>
</Data>
</EventData>
</Event>
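An added example, not part of the Active Roles documentation: the EDM workflow events above (2701, 2702, 2703) carry unnamed, positional <Data> values, so this Python code maps the first eleven by the order shown in the Description blocks and reports the latest state per workflow instance GUID. The function names, field keys and sample events are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
STATE = {"2701": "started", "2702": "completed", "2703": "failed"}
# Order of the first 11 unnamed <Data> values, read off the Description blocks
# of the sample events; later values differ per event and are kept as "extra".
FIELDS = ["workflow_name", "workflow_guid", "instance_guid", "operation_id",
          "operation_guid", "operation", "object_name", "parent_container",
          "object_type", "object_guid", "initiator"]

def parse_workflow_event(xml_text):
    """Map one EDM workflow event (2701/2702/2703) to a dict, else None."""
    root = ET.fromstring(xml_text)
    system = root.find("e:System", NS)
    event_id = system.findtext("e:EventID", namespaces=NS)
    if system.find("e:Provider", NS).get("Name") != "EDM" or event_id not in STATE:
        return None
    data = [(d.text or "").strip() for d in root.findall("e:EventData/e:Data", NS)]
    rec = dict(zip(FIELDS, data))
    rec["extra"] = [v for v in data[len(FIELDS):] if v]
    rec["state"] = STATE[event_id]
    rec["record_id"] = int(system.findtext("e:EventRecordID", namespaces=NS))
    return rec

def workflow_outcomes(xml_events):
    """Latest state per workflow instance GUID; EventRecordID breaks same-second ties."""
    recs = sorted(filter(None, map(parse_workflow_event, xml_events)),
                  key=lambda r: r["record_id"])
    return {r["instance_guid"]: r for r in recs}

def _sample(event_id, record_id, values):
    """Build a constructed event in the layout of the Event Xml samples."""
    data = "".join(f"<Data>{v}</Data>" for v in values)
    return (f'<Event xmlns="{NS["e"]}"><System><Provider Name="EDM" />'
            f'<EventID Qualifiers="0">{event_id}</EventID>'
            f'<EventRecordID>{record_id}</EventRecordID></System>'
            f'<EventData>{data}</EventData></Event>')

# Constructed sample input: GUIDs and names are placeholders, not real log values.
APPROVAL = ["Group Membership Approval", "wf-guid-1", "inst-1", "1-1", "op-guid-1",
            "Modify Object", "FinancialReports", "example.test/OU", "group",
            "obj-guid-1", "EXAMPLE\\Administrator"]
CREATE = ["Create user Approval", "wf-guid-2", "inst-2", "1-2", "op-guid-2", "Copy Object",
          "New User", "example.test/OU", "user", "", "EXAMPLE\\Administrator"]
SAMPLES = [_sample(2702, 101, APPROVAL),  # deliberately listed before its start event
           _sample(2701, 100, APPROVAL + ["", "Attributes: member (append)"]),
           _sample(2701, 102, CREATE),
           _sample(2703, 103, CREATE + ["Details: creation failed", ""]),
           _sample(2701, 104, APPROVAL[:2] + ["inst-3"])]
```

An instance whose latest state is still "started" has no completion or failure event in the input, which is worth a look when the operation changes group membership.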
Attestor certified object during Attestation Review
Log Name: EDM Server
Source: EDM
Date: 10/25/2011 6:33:28 PM
Event ID: 2576
Task Category: AttestationReview
Level: Information
Keywords: Classic
User: LEMON\Spock
Computer: lemonars670fix2.lemon.msk.qsft
Description:
Attestor certified object during Attestation Review
Object: CN=FinancialReports,OU=Atsvetko,DC=lemon,DC=msk,DC=qsft
Attestor: CN=Spock,OU=MShilov,DC=lemon,DC=msk,DC=qsft
Attestation Review configuration: Group Membership Review
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="EDM" />
<EventID Qualifiers="0">2576</EventID>
<Level>4</Level>
<Task>33</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2011-10-25T14:33:28.000000000Z" />
<EventRecordID>434445</EventRecordID>
<Channel>EDM Server</Channel>
<Computer>lemonars670fix2.lemon.msk.qsft</Computer>
<Security UserID="S-1-5-21-3554251242-1264910074-2838194852-2169" />
</System>
<EventData>
<Data>CN=FinancialReports,OU=Atsvetko,DC=lemon,DC=msk,DC=qsft</Data>
<Data>CN=Spock,OU=MShilov,DC=lemon,DC=msk,DC=qsft</Data>
<Data>Group Membership Review</Data>
</EventData>
</Event>
Scheduled task has been started.
Log Name: EDM Server
Source: EDM
Date: 10/25/2011 2:00:00 AM
Event ID: 1521
Task Category: ScheduledTask
Level: Information
Keywords: Classic
User: LEMON\Administrator
Computer: lemonars670fix2.lemon.msk.qsft
Description:
Scheduled task has reported an event.
Task ID: 45f3718f-f808-43f7-96fc-3b7e8e2a8952
Object name: Mailbox Location Checker
Start date: 10/25/2011
Start time: 2:00:00 AM
Script module: Verifies mailbox distribution among mailbox stores.
Task started its execution
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="EDM" />
<EventID Qualifiers="0">1521</EventID>
<Level>4</Level>
<Task>27</Task>
<Keywords>0x80000000000000</Keywords>
<TimeCreated SystemTime="2011-10-24T22:00:00.000000000Z" />
<EventRecordID>433845</EventRecordID>
<Channel>EDM Server</Channel>
<Computer>lemonars670fix2.lemon.msk.qsft</Computer>
<Security UserID="S-1-5-21-3554251242-1264910074-2838194852-500" />
</System>
<EventData>
<Data>45f3718f-f808-43f7-96fc-3b7e8e2a8952</Data>
<Data>Mailbox Location Checker</Data>
<Data>10/25/2011</Data>
<Data>2:00:00 AM</Data>
<Data>Verifies mailbox distribution among mailbox stores.</Data>
<Data>Task started its execution</Data>
<Data>
</Data>
<Data>
</Data>
</EventData>
</Event>