Policy Change Event: 610

Active Directory Auditing Tool

The Who, Where and When information is very important for an administrator to have complete knowledge of all activities that occur on their Active Directory. This helps them identify any desired / undesired activity happening. ADAudit Plus assists an administrator with this information in the form of reports. In real-time, ensure critical resources in the network like the Domain Controllers are audited, monitored and reported with the entire information on AD objects - Users, Groups, GPO, Computer, OU, DNS, AD Schema and Configuration changes with 200+ detailed event specific GUI reports and email alerts.

Process Tracking » Policy Change Event: 610

Event ID 610 – New Trusted Domain

Event ID 610
Category Policy Change
Type Success Audit

The logging of event 610 varies between different OSes. On Win2000, event 610 is logged twice by the domain controller when the user creates a trust relationship successfully with the specified domain. Event 620 too is logged along with 610.

On the other hand, Windows Server 2003 only logs this once for every new trust. This is accompanied by the logging of event 565, when directory service auditing is turned on.

This log data provides the following information:

  • Domain Name
  • Domain ID
  • User Name
  • Domain
  • Logon ID

Why does event ID 610 need to be monitored?

All changes related to Active Directory domain trusts, such as creation of new trust, should be monitored. If an unplanned change occurs, the reason for the change must be investigated.

Pro Tip:

ADAudit Plus helps you avoid the GPOs monitoring complexities with real-time pre-configured reports and auditing of the changes along with alerts within a Domain & OU. The advanced Group Policy settings real-time audit reports highlight the elusive change details, and also provide the old and new values of the modified attributes.

Event 610 applies to the following operating systems:

  • Windows Server 2000
  • Windows 2003 and XP

Corresponding event ID in Windows 2008 and Windows Vista is 4706.