Live Demo
Free Edition
Download NowSystem Event » Directory Service Event: 4928
Event ID 4928: An Active Directory replica source naming context was established.
| Description | This event generates every time a new Active Directory replica source naming context is established. |
| Category | Directory service |
| Subcategory | Directory service replication |
This event logs the following information:
| Destination DRA | Destination directory replication agent distinguished name. |
| Source DRA | Destination directory replication agent distinguished name. |
| Source address | DNS record of the Server from which information or an update was received. |
| Naming context | Naming context to replicate |
| Status code | If there are no issues or errors, the status code will be 0. If an error happened, you will receive Failure event and Status Code will not be equal to “0”. |
| Options | Decimal value for DRS options |
Reasons to monitor this event:
- Monitor for Source Address field, because the source of new replication (new DRA) must be authorized for this action. If you find any unauthorized DRA you should trigger an event.
- This event is typically used for Active Directory replication troubleshooting.
Event 4928 applies to the following operating systems:
- Windows Server 2008 R2 and 7
- Windows Server 2012 R2 and 8.1
- Windows Server 2016 and 10
Explore Active Directory auditing and reporting with ADAudit Plus.
Account Management Auditing
Active Directory Auditing
Windows Server Auditing
- Related Products
- ADManager Plus Active Directory Management & Reporting
- ADAudit Plus Real-time Active Directory Auditing and UBA
- EventLog Analyzer Real-time Log Analysis & Reporting
- ADSelfService Plus Self-Service Password Management
- AD360 Integrated Identity & Access Management
- Log360 (On-Premise | Cloud) Comprehensive SIEM and UEBA
- AD Free Tools Active Directory FREE Tools