Directory Service Event: 4661

Active Directory Auditing Tool

The Who, Where and When information is very important for an administrator to have complete knowledge of all activities that occur on their Active Directory. This helps them identify any desired / undesired activity happening. ADAudit Plus assists an administrator with this information in the form of reports. In real-time, ensure critical resources in the network like the Domain Controllers are audited, monitored and reported with the entire information on AD objects - Users, Groups, GPO, Computer, OU, DNS, AD Schema and Configuration changes with 200+ detailed event specific GUI reports and email alerts.

System Event » Directory Service Event: 4661

Event ID 4661: A handle to an object was requested.

Description The event is generated when a SAM object is opened.
Category Object access
Subcategory SAM

The event logs the following information:

Subject
  • Security ID
  • Account Name
  • Account Domain
  • Logon ID
Object
  • Object Server
  • Object type
  • Object name
  • Handle ID
Process
  • Process ID
  • Process name
Access request information
  • Transaction ID
  • Accesses
  • Access Mask
  • Privileges Used for Access Check
  • Properties
  • Restricted SID Count

Related events:

When the object is closed you get event ID 4658 with the same handle ID.

Corresponding event in 2003 and earlier versions: Event 565

Pro tip:

ADAudit Plus helps in tracking deletion of directory service objects, besides security principals, such as OU, GPO, container, contact, DNS node, etc.

Event 4661 applies to the following operating systems:

  • Windows Server 2008 R2 and 7
  • Windows Server 2012 R2 and 8.1
  • Windows Server 2016 and 10

Explore Active Directory auditing and reporting with ADAudit Plus.

  •  
  •  
  •  
  • By clicking 'Schedule a personalized demo' you agree to processing of personal data according to the Privacy Policy.
Account Management Auditing
Active Directory Auditing
Windows Server Auditing