Event ID 565: Object Open (Active Directory).
|Description||An attempt was made to access a directory service object.|
This event logs the following information:
|New handle ID||-|
|Access mask||Windows Server 2003 only|
Event 565 is similar to event 560 but is limited to recording open events on Active Directory objects. Event 565 is therefore only logged on domain controllers.
Reasons to monitor this event:
Event 565 allows you to track changes to Active Directory objects down to the property level. While Account Management provides more useful auditing for changes to users, groups and computers, Directory Service Access events are the only way to monitor potentially far-reaching effects of changes to organizational units, group policy objects, domains and site related objects.
ADAudit Plus logs this event since it keeps track of every directory service object access. Eg. OU, GPO, container, contact and other object types besides security principals.
Event 565 applies to the following operating systems:
- Windows Server 2000
- Windows Server 2003 and XP
Corresponding event in 2008 and above: Event 4661