Event ID 4675 – SIDs Were Filtered
Event ID | 4675 |
Category | Logon/Logoff |
Sub-Category | Audit Logon |
Type | Success Audit |
Description | SIDs were filtered. |
When SIDs are filtered for a specific Active Directory trust, event 4675 is generated.
An SID (security identifier) is a unique identifying value which is issued by an Active Directory domain controller, and is stored in a security database. When a user logs in, the system uses the SID to identify the user and subsequently identify all the interactions of the user with Windows Security.
Example of 4675 log:
SIDs were filtered.
Target Account:
Security ID: %1
Account Name: %2
Account Domain: %3
Trust Information:
Trust Direction: %4
Trust Attributes: %5
Trust Type: %6
TDO Domain SID: %7
Filtered SIDs: %8
Why does event ID 4675 need to be monitored?
- Event 4675 helps monitor SID filtering operations for a specific or all Active Directory trusts.
Pro Tip:
With in-depth reports, real-time alerts, and graphical displays, ADAudit Plus tracks all interactions with Windows Security, thus helping you meet your security, compliance, and operational needs with absolute ease.
Event 4675 applies to the following operating systems:
- Windows 2008 R2 and 7
- Windows 2012 R2 and 8.1
- Windows 2016 and 10
Explore Active Directory auditing and reporting with ADAudit Plus.
- Related Products
- ADManager Plus Active Directory Management & Reporting
- ADAudit Plus Real-time Active Directory Auditing and UBA
- EventLog Analyzer Real-time Log Analysis & Reporting
- ADSelfService Plus Self-Service Password Management
- AD360 Integrated Identity & Access Management
- Log360 (On-Premise | Cloud) Comprehensive SIEM and UEBA
- AD Free Tools Active Directory FREE Tools