Event ID 610 – New Trusted Domain
The logging of event 610 varies between different OSes. On Win2000, event 610 is logged twice by the domain controller when the user creates a trust relationship successfully with the specified domain. Event 620 too is logged along with 610.
On the other hand, Windows Server 2003 only logs this once for every new trust. This is accompanied by the logging of event 565, when directory service auditing is turned on.
This log data provides the following information:
- Domain Name
- Domain ID
- User Name
- Logon ID
Why does event ID 610 need to be monitored?
All changes related to Active Directory domain trusts, such as creation of new trust, should be monitored. If an unplanned change occurs, the reason for the change must be investigated.
ADAudit Plus helps you avoid the GPOs monitoring complexities with real-time pre-configured reports and auditing of the changes along with alerts within a Domain & OU. The advanced Group Policy settings real-time audit reports highlight the elusive change details, and also provide the old and new values of the modified attributes.
Event 610 applies to the following operating systems:
- Windows Server 2000
- Windows 2003 and XP
Corresponding event ID in Windows 2008 and Windows Vista is 4706.