Event ID 4928: An Active Directory replica source naming context was established.
|Description||This event generates every time a new Active Directory replica source naming context is established.|
|Subcategory||Directory service replication|
This event logs the following information:
|Destination DRA||Destination directory replication agent distinguished name.|
|Source DRA||Destination directory replication agent distinguished name.|
|Source address||DNS record of the Server from which information or an update was received.|
|Naming context||Naming context to replicate|
|Status code||If there are no issues or errors, the status code will be 0. If an error happened, you will receive Failure event and Status Code will not be equal to “0”.|
|Options||Decimal value for DRS options|
Reasons to monitor this event:
- Monitor for Source Address field, because the source of new replication (new DRA) must be authorized for this action. If you find any unauthorized DRA you should trigger an event.
- This event is typically used for Active Directory replication troubleshooting.
Event 4928 applies to the following operating systems:
- Windows Server 2008 R2 and 7
- Windows Server 2012 R2 and 8.1
- Windows Server 2016 and 10
Explore Active Directory auditing and reporting with ADAudit Plus.
- Related Products
- ADManager Plus Active Directory Management & Reporting
- ADAudit Plus Real-time Active Directory Auditing and UBA
- EventLog Analyzer Real-time Log Analysis & Reporting
- ADSelfService Plus Self-Service Password Management
- AD360 Integrated Identity & Access Management
- Log360 Comprehensive SIEM and UEBA
- AD Free Tools Active Directory FREE Tools