Event ID 565: Object Open (Active Directory).
Description | An attempt was made to access a directory service object. |
Category | Directory service |
This event logs the following information:
Object |
|
Process |
|
New handle ID | - |
Operation ID | - |
Primary user |
|
Client user |
|
Accesses | - |
Privileges | - |
Properties | - |
Access mask | Windows Server 2003 only |
Related events:
Event 565 is similar to event 560 but is limited to recording open events on Active Directory objects. Event 565 is therefore only logged on domain controllers.
Reasons to monitor this event:
Event 565 allows you to track changes to Active Directory objects down to the property level. While Account Management provides more useful auditing for changes to users, groups and computers, Directory Service Access events are the only way to monitor potentially far-reaching effects of changes to organizational units, group policy objects, domains and site related objects.
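As an added illustration (not part of this page and not ADAudit Plus code), the following Python filter parses the text of event 565 records and reports change-type accesses on OUs, GPOs, domains and site objects, with the properties touched. The sample records are constructed, and the field labels (`Object Type`, `Client User Name`, and so on), object class names and access names are assumptions modeled on the fields listed above.

```python
import re

# Object classes the page singles out: OUs, GPOs, domains, site-related objects.
WATCHED_TYPES = {"organizationalUnit", "groupPolicyContainer", "domainDNS",
                 "site", "siteLink", "subnet"}
# Accesses that modify an object or its permissions (assumed display names).
CHANGE_ACCESSES = {"Write Property", "Create Child", "Delete Child",
                   "DELETE", "WRITE_DAC", "WRITE_OWNER"}

# Constructed sample records, not real log data; field labels are assumptions.
SAMPLE_EVENTS = [
    "Object Type: organizationalUnit\nObject Name: OU=Servers,DC=example,DC=test\n"
    "Client User Name: jdoe\nAccesses: Write Property\n"
    "Properties:\n  Write Property\n    gPLink\n",
    "Object Type: user\nObject Name: CN=Bob,OU=Staff,DC=example,DC=test\n"
    "Client User Name: helpdesk1\nAccesses: Write Property\n"
    "Properties:\n  Write Property\n    description\n",
    "Object Type: groupPolicyContainer\nObject Name: CN={GUID-PLACEHOLDER},"
    "CN=Policies,CN=System,DC=example,DC=test\n"
    "Client User Name: jdoe\nAccesses: Read Property\nProperties: -\n",
    "Object Type: domainDNS\nObject Name: DC=example,DC=test\n"
    "Client User Name: asmith\nAccesses: READ_CONTROL\n  WRITE_DAC\n"
    "Properties: -\n",
]

def parse_event(text):
    """Parse 'Label: value' lines; indented lines continue the previous field."""
    fields, last = {}, None
    for line in text.splitlines():
        m = re.match(r"(\S[^:]*):\s*(.*)$", line)
        if m:
            last = m.group(1)
            fields[last] = [m.group(2)] if m.group(2) else []
        elif last and line.strip():
            fields[last].append(line.strip())
    return fields

def flag_changes(events):
    """Return (client, type, name, accesses, properties) for watched changes."""
    hits = []
    for text in events:
        f = parse_event(text)
        obj_type = " ".join(f.get("Object Type", []))
        changed = sorted(set(f.get("Accesses", [])) & CHANGE_ACCESSES)
        if obj_type in WATCHED_TYPES and changed:
            props = [p for p in f.get("Properties", [])
                     if p not in CHANGE_ACCESSES and p != "-"]
            hits.append((" ".join(f["Client User Name"]), obj_type,
                         " ".join(f["Object Name"]), changed, props))
    return hits
```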
Pro tip:
ADAudit Plus logs this event since it keeps track of every directory service object access, e.g. OUs, GPOs, containers, contacts and other object types besides security principals.
Event 565 applies to the following operating systems:
- Windows Server 2000
- Windows Server 2003 and XP
Corresponding event in 2008 and above: Event 4661