Directory Service Access + Event ID 566

Discussion in 'Active Directory' started by Neil, Feb 4, 2004.

  1. Neil

    Neil Guest

    Hello,

    I am receiving the following event log, can you help?:-

    Event Type: Failure Audit
    Event Source: Security
    Event Category: Directory Service Access
    Event ID: 566
    Date: 04/02/2004
    Time: 07:44:50
    User: PNM2\%servername%$ (VPN Server)
    Computer: %servername%$ (DC - Domain Controller)
    Description:
    Object Operation:
    Object Server: DS
    Operation Type: Object Access
    Object Type: dnsNode
    Object Name: DC=93,DC=1.168.192.in-
    addr.arpa,CN=MicrosoftDNS,CN=System,DC=premisesnet,DC=co,D
    C=uk
    Handle ID: -
    Primary User Name: %servername%$ (DC)
    Primary Domain: PNM2
    Primary Logon ID: (*x*,*x***)
    Client User Name: %servername%$ (VPN Server)
    Client Domain: PNM2
    Client Logon ID: (*x*,*x*******)
    Accesses: Write Self

    Properties:
    ---
    Default property set
    dnsRecord
    dNSTombstoned
    dnsNode

    Additional Info:
    Additional Info2:
    Access Mask: 0x8


    For more information, see Help and Support Center at
    http://go.microsoft.com/fwlink/events.asp.

    I can't find any information on this error
    Thank you in advance

    Neil
     
    Neil, Feb 4, 2004
    #1
    1. Advertisements

  2. This is not an error. Someone has enabled DS access auditing for failures,
    and the SACL on this object also has an entry which audits failed
    "write-self" or "extended write" accesses. Go edit the SACL on this object
    (that's in ADU&C or AdsiEdit, enable Advanced Features, then go to
    Properties/Security/Advanced/Auditing).

    Or you can disable DS access auditing altogether, if you want to, that's
    somewhere in group policy, sorry, don't remember exactly where.

    --
    Dmitri Gavrilov
    SDE, Active Directory Core

    This posting is provided "AS IS" with no warranties, and confers no rights.
    Use of included script samples are subject to the terms specified at
    http://www.microsoft.com/info/cpyright.htm
     
    Dmitri Gavrilov [MSFT], Feb 4, 2004
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.