Object Access Event: 4868

Active Directory Auditing Tool

The Who, Where and When information is very important for an administrator to have complete knowledge of all activities that occur on their Active Directory. This helps them identify any desired / undesired activity happening. ADAudit Plus assists an administrator with this information in the form of reports. In real-time, ensure critical resources in the network like the Domain Controllers are audited, monitored and reported with the entire information on AD objects - Users, Groups, GPO, Computer, OU, DNS, AD Schema and Configuration changes with 200+ detailed event specific GUI reports and email alerts.

Object Access » Object Access Event: 4868

Event ID 4868 – The Certificate Manager Denied A Pending Certificate Request

Event ID 4868
Category Object Access: Certification Services
Type Success Audit
Description The certificate manager denied a pending certificate request.

Generally, administrators and certificate managers are configured to approve Certification Authorities and Certificate Templates only after which the certificate can be signed and issued by the CA. When the certificate manger denies the request, event 4868 is logged.All events pertaining to the same request will be logged with the same Request ID. For this event to be logged, the corresponding feature needs to be enabled in the CA's properties tab.

This log data provides the following information:

  • Request ID

Why does event ID 4868 need to be monitored?

Event ID 4818 is primarily monitored to ensure only authorized and allowed certification request are carried out. This should be monitored for signs of malicious activity.

Pro Tip:

With 200+ reports and real-time email and SMS alerts, ADAudit Plus tracks all certificate services related events, thus helping you meet your security, operational, and compliance needs with absolute ease.

Event 4868 applies to the following operating systems:

  • Windows 2008 R2 and 7
  • Windows 2012 R2 and 8.1
  • Windows 2016 and 10