Directory Service Event: 4928

Active Directory Auditing Tool

The Who, Where and When information is very important for an administrator to have complete knowledge of all activities that occur on their Active Directory. This helps them identify any desired / undesired activity happening. ADAudit Plus assists an administrator with this information in the form of reports. In real-time, ensure critical resources in the network like the Domain Controllers are audited, monitored and reported with the entire information on AD objects - Users, Groups, GPO, Computer, OU, DNS, AD Schema and Configuration changes with 200+ detailed event specific GUI reports and email alerts.

System Event » Directory Service Event: 4928

Event ID 4928: An Active Directory replica source naming context was established.

Description This event generates every time a new Active Directory replica source naming context is established.
Category Directory service
Subcategory Directory service replication

This event logs the following information:

Destination DRA Destination directory replication agent distinguished name.
Source DRA Destination directory replication agent distinguished name.
Source address DNS record of the Server from which information or an update was received.
Naming context Naming context to replicate
Status code If there are no issues or errors, the status code will be 0. If an error happened, you will receive Failure event and Status Code will not be equal to “0”.
Options Decimal value for DRS options

Reasons to monitor this event:

  • Monitor for Source Address field, because the source of new replication (new DRA) must be authorized for this action. If you find any unauthorized DRA you should trigger an event.
  • This event is typically used for Active Directory replication troubleshooting.

Event 4928 applies to the following operating systems:

  • Windows Server 2008 R2 and 7
  • Windows Server 2012 R2 and 8.1
  • Windows Server 2016 and 10

Explore Active Directory auditing and reporting with ADAudit Plus.

  • Enter your email id
    Please enter a valid email id
  • Enter your phone number
  • Select demo date
  • By clicking 'Schedule a personalized demo', you agree to processing of personal data according to the Privacy Policy. You can unsubscribe from our mails at anytime.
Account Management Auditing
Active Directory Auditing
Windows Server Auditing