Directory Service Event: 565

Active Directory Auditing Tool

The who, where and when of every change is important for an administrator who needs complete knowledge of all activity on their Active Directory, since it helps identify both desired and undesired activity. ADAudit Plus provides this information in the form of reports. It audits, monitors and reports in real time on critical network resources such as domain controllers, with full information on AD objects (users, groups, GPOs, computers, OUs, DNS, AD schema and configuration changes), through 200+ detailed event-specific GUI reports and email alerts.


Event ID 565: Object Open (Active Directory).

Description: An attempt was made to access a directory service object.
Category: Directory service

This event logs the following information:

Object
  • Object Server
  • Object type
  • Object name
Process
  • Process ID
  • Process name
New handle ID -
Operation ID -
Primary user
  • Primary user name
  • Primary Domain
  • Primary logon ID
Client user
  • Client user name
  • Client domain
  • Client logon ID
Accesses -
Privileges -
Properties -
Access mask (Windows Server 2003 only)

Related events:

Event 565 is similar to event 560 but is limited to recording open events on Active Directory objects. Event 565 is therefore only logged on domain controllers.

Reasons to monitor this event:

Event 565 allows you to track changes to Active Directory objects down to the property level. While Account Management provides more useful auditing for changes to users, groups and computers, Directory Service Access events are the only way to monitor the potentially far-reaching effects of changes to organizational units, group policy objects, domains and site-related objects.
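
The monitoring case described above, as an added example that is not part of the original page or of ADAudit Plus: it parses Event 565 descriptions and flags modifying accesses to OU, GPO, domain and site objects. The "Label: value" line layout, the sample records, the watched class names and the fall-back to the primary user when the client user is "-" are assumptions.

```python
# Constructed sample records (not real log data). Assumed layout: one
# "Label: value" line per field, using the field names listed on this page.
SAMPLE_EVENTS = [
    "Object Type: organizationalUnit\nObject Name: OU=Finance,DC=example,DC=test\n"
    "Primary User Name: DC1$\nPrimary Domain: EXAMPLE\n"
    "Client User Name: jdoe\nClient Domain: EXAMPLE\n"
    "Accesses: Write Property\nProperties: gPLink",
    "Object Type: groupPolicyContainer\nObject Name: "
    "CN={00000000-0000-0000-0000-000000000000},CN=Policies,CN=System,DC=example,DC=test\n"
    "Primary User Name: DC1$\nPrimary Domain: EXAMPLE\n"
    "Client User Name: helpdesk1\nClient Domain: EXAMPLE\nAccesses: Read Property",
    "Object Type: domainDNS\nObject Name: DC=example,DC=test\n"
    "Primary User Name: svc-admin\nPrimary Domain: EXAMPLE\n"
    "Client User Name: -\nClient Domain: -\nAccesses: WRITE_DAC",
]

# AD classes for the objects the page calls out: OUs, GPOs, domains, sites.
WATCHED_TYPES = {"organizationalunit", "grouppolicycontainer", "domaindns", "site"}
# Substrings of access names treated as modifying (assumption; tune locally).
MODIFYING = ("write", "delete", "create")

def parse_event(text):
    """Turn 'Label: value' lines into a dict keyed by lower-cased label."""
    fields = {}
    for line in text.splitlines():
        label, sep, value = line.partition(":")  # split on the first colon only
        if sep:
            fields[label.strip().lower()] = value.strip()
    return fields

def actor(fields):
    """Prefer the client user; fall back to the primary user if client is '-'."""
    who = "client" if fields.get("client user name", "-") != "-" else "primary"
    return fields.get(who + " domain", "?") + "\\" + fields.get(who + " user name", "?")

def triage(events):
    """Return (actor, object type, object name) for modifying opens of watched types."""
    hits = []
    for fields in map(parse_event, events):
        modifying = any(m in fields.get("accesses", "").lower() for m in MODIFYING)
        if fields.get("object type", "").lower() in WATCHED_TYPES and modifying:
            hits.append((actor(fields), fields["object type"], fields.get("object name", "?")))
    return hits

if __name__ == "__main__":
    for hit in triage(SAMPLE_EVENTS):
        print(hit)
```
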

Pro tip:

ADAudit Plus logs this event since it keeps track of every directory service object access, e.g. OU, GPO, container, contact and other object types besides security principals.

Event 565 applies to the following operating systems:

  • Windows Server 2000
  • Windows Server 2003 and XP

Corresponding event in 2008 and above: Event 4661