Event ID 4675 – SIDs Were Filtered
|Description||SIDs were filtered.|
When SIDs are filtered for a specific Active Directory trust, event 4675 is generated.
An SID (security identifier) is a unique identifying value which is issued by an Active Directory domain controller, and is stored in a security database. When a user logs in, the system uses the SID to identify the user and subsequently identify all the interactions of the user with Windows Security.
Example of 4675 log:
SIDs were filtered.
Security ID: %1
Account Name: %2
Account Domain: %3
Trust Direction: %4
Trust Attributes: %5
Trust Type: %6
TDO Domain SID: %7
Filtered SIDs: %8
Why does event ID 4675 need to be monitored?
- Event 4675 helps monitor SID filtering operations for a specific or all Active Directory trusts.
With in-depth reports, real-time alerts, and graphical displays, ADAudit Plus tracks all interactions with Windows Security, thus helping you meet your security, compliance, and operational needs with absolute ease.
Event 4675 applies to the following operating systems:
- Windows 2008 R2 and 7
- Windows 2012 R2 and 8.1
- Windows 2016 and 10