Event ID 632




We received event id 632 on our DC this morning and we are not sure if any
action needs to be taken. Please see below:
Event ID : 632
Event Importance : Medium importance event
Date & Time : 6/20/2005 - 10:07:26 AM
Rule Triggered : New Security event log Processing Rule (2)
Computer : TOODC1
Event Log : Security
Event Source : Security
Event Category : Account Management
Event Type : Success Audit
S.E.L.M. Event ID : 1119048645_000000004002671
User Name : LTDTOO\EXCH$
Operating System : Windows 2000 Domain Controller

Security Enabled Global Group Member Added:
Member Name: CN=TOOADMIN,OU=Service
Target Account Name: Exchange Domain Servers
Target Domain: LTDTOO
Target Account ID: LTDTOO\Exchange Domain Servers
Caller User Name: EXCH$
Caller Domain: LTDTOO
Caller Logon ID: (0x0,0xB76B576)
Privileges: -
More Information:
User EXCH$ from domain LTDTOO has added a user account named
CN=TOOADMIN,OU=Service Accounts,OU=TOOBRANDS,DC=limitedtoo,DC=com to the
Security Enabled Global Group Exchange Domain Servers under domain LTDTOO.

Possible causes for the generation of this event are
(1) Normal administration operation performed by the Administrator on the
system organizational structure.
(2) After a successful intrusion, the intruder could alter the
organizational structure, if the account he gained access to has the
necessary rights to allow him to do so.

Please advise and your assistance is greatly appreciated.
