Etki alanı denetleyicisi yetkisiz dizin bölümünden bir veya daha fazla nesneyi çoğaltmayı isteği ve girişim başarısız oldu.
Örnek Olay:
Yerel etki alanı denetleyicisi aşağıdaki dizin bölümünde çoğaltma girişimini reddetti. Aşağıdaki etki alanı denetleyicisi yetkisiz dizin bölümünden bir veya daha fazla nesneyi çoğaltmayı isteği ve girişim başarısız oldu. Etki alanı denetleyicisi: %1 Dizin bölümü: %2 Bu, bir güvenlik riski oluşturabilir.
Daha fazla bilgi için, bkz.
Target | Microsoft.Windows.Server.2008.AD.DomainControllerRole | ||
Category | EventCollection | ||
Enabled | True | ||
Event_ID | 1964 | ||
Alert Generate | True | ||
Alert Severity | Error | ||
Alert Priority | Normal | ||
Remotable | True | ||
Alert Message |
| ||
Event Log | Directory Service | ||
Comment | Mom2005ID='{2A62BCCA-7928-4927-8E7E-530690CD5DA2}';MOM2005GroupID= |
ID | Module Type | TypeId | RunAs |
---|---|---|---|
DS | DataSource | Microsoft.Windows.EventProvider | Default |
CollectEventData | WriteAction | Microsoft.SystemCenter.CollectEvent | Default |
CollectEventDataWarehouse | WriteAction | Microsoft.SystemCenter.DataWarehouse.PublishEventData | Default |
GenerateAlert | WriteAction | System.Health.GenerateAlert | Default |
<Rule ID="The_local_domain_controller_has_denied_a_replication_attempt_on_a_directory_partition.__This_may_pose_a_security_risk_5_Rule" Comment="Mom2005ID='{2A62BCCA-7928-4927-8E7E-530690CD5DA2}';MOM2005GroupID=" Enabled="onEssentialMonitoring" Target="AD2008Core!Microsoft.Windows.Server.2008.AD.DomainControllerRole" ConfirmDelivery="true" Remotable="true" Priority="Normal" DiscardLevel="100">
<Category>EventCollection</Category>
<DataSources>
<DataSource ID="DS" TypeID="Windows!Microsoft.Windows.EventProvider">
<ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<LogName>Directory Service</LogName>
<Expression>
<And>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery>EventDisplayNumber</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>1964</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
<Expression>
<SimpleExpression>
<ValueExpression>
<XPathQuery>Channel</XPathQuery>
</ValueExpression>
<Operator>Equal</Operator>
<ValueExpression>
<Value>Directory Service</Value>
</ValueExpression>
</SimpleExpression>
</Expression>
</And>
</Expression>
</DataSource>
</DataSources>
<WriteActions>
<WriteAction ID="GenerateAlert" TypeID="SystemHealth!System.Health.GenerateAlert">
<Priority>1</Priority>
<Severity>2</Severity>
<AlertOwner/>
<AlertMessageId>$MPElement[Name="The_local_domain_controller_has_denied_a_replication_attempt_on_a_directory_partition.__This_may_pose_a_security_risk_5_Rule.AlertMessage"]$</AlertMessageId>
<AlertParameters>
<AlertParameter1>$Data/EventDescription$</AlertParameter1>
</AlertParameters>
<Suppression>
<SuppressionValue/>
</Suppression>
</WriteAction>
<WriteAction ID="CollectEventData" TypeID="SC!Microsoft.SystemCenter.CollectEvent"/>
<WriteAction ID="CollectEventDataWarehouse" TypeID="SCDW!Microsoft.SystemCenter.DataWarehouse.PublishEventData"/>
</WriteActions>
</Rule>