Directory Service Event: 4662

Introducing ADAudit Plus' Attack Surface Analyzer—Detect 25+ AD attacks and identify risky Azure configurations. Learn more×
Active Directory Auditing Tool

The Who, Where and When information is very important for an administrator to have complete knowledge of all activities that occur on their Active Directory. This helps them identify any desired / undesired activity happening. ADAudit Plus assists an administrator with this information in the form of reports. In real-time, ensure critical resources in the network like the Domain Controllers are audited, monitored and reported with the entire information on AD objects - Users, Groups, GPO, Computer, OU, DNS, AD Schema and Configuration changes with 200+ detailed event specific GUI reports and email alerts.

System Event » Directory Service Event: 4662

Event ID 4662: An operation was performed on an object.

Description The event is generated when a user accesses an AD object.
Category Directory service
Subcategory Directory service access

The event logs the following information:

Subject
  • Security ID
  • Account Name
  • Account Domain
  • Logon ID
Object
  • Object Server
  • Object type
  • Object name
  • Handle ID
Operation
  • Operation type
  • Accesses
  • Access Mask
  • Properties

Corresponding event in 2003 and earlier versions: Event 566

Pro tip:

ADAudit Plus helps in tracking deletion of directory service objects, besides security principals, such as OU, GPO, container, contact, DNS node, etc.

Event 4662 applies to the following operating systems:

  • Windows Server 2008 R2 and 7
  • Windows Server 2012 R2 and 8.1
  • Windows Server 2016 and 10

Explore Active Directory auditing and reporting with ADAudit Plus.

  •  
  •  
  •  
  • By clicking 'Schedule a personalized demo' you agree to processing of personal data according to the Privacy Policy.
Account Management Auditing
Active Directory Auditing
Windows Server Auditing
Back to Top