G
Guest
Hello
We received evet id 632 on our DC this morning and we are not sure if any
action needs to be taken. Please see below:
______________________________________________
Event ID : 632
Event Importance : Medium importance event
Date & Time : 6/20/2005 - 10:07:26 AM
Rule Triggered : New Security event log Processing Rule (2)
Computer : TOODC1
Event Log : Security
Event Source : Security
Event Category : Account Management
Event Type : Success Audit
S.E.L.M. Event ID : 1119048645_000000004002671
User Name : LTDTOO\EXCH$
Operating System : Windows 2000 Domain Controller
Security Enabled Global Group Member Added:
Member Name: CN=TOOADMIN,OU=Service
Accounts,OU=TOOBRANDS,DC=limitedtoo,DC=com
Member ID: LTDTOO\TOOADMIN
Target Account Name: Exchange Domain Servers
Target Domain: LTDTOO
Target Account ID: LTDTOO\Exchange Domain Servers
Caller User Name: EXCH$
Caller Domain: LTDTOO
Caller Logon ID: (0x0,0xB76B576)
Privileges: -
More Information:
User EXCH$ from domain LTDTOO has added a user account named
CN=TOOADMIN,OU=Service Accounts,OU=TOOBRANDS,DC=limitedtoo,DC=com to the
Security Enabled Global Group Exchange Domain Servers under domain LTDTOO.
Possible causes for the generation of this event are
(1) Normal administration operation performed by the Administrator on the
system organizational structure.
(2) After a successful intrusion, the intruder could alter the
organizational structure, if the account he gained access to has the
necessary rights to allow him to do so.
___________________________________________
Please advise and your assistance is greatly appreciated.
Thanks.
We received evet id 632 on our DC this morning and we are not sure if any
action needs to be taken. Please see below:
______________________________________________
Event ID : 632
Event Importance : Medium importance event
Date & Time : 6/20/2005 - 10:07:26 AM
Rule Triggered : New Security event log Processing Rule (2)
Computer : TOODC1
Event Log : Security
Event Source : Security
Event Category : Account Management
Event Type : Success Audit
S.E.L.M. Event ID : 1119048645_000000004002671
User Name : LTDTOO\EXCH$
Operating System : Windows 2000 Domain Controller
Security Enabled Global Group Member Added:
Member Name: CN=TOOADMIN,OU=Service
Accounts,OU=TOOBRANDS,DC=limitedtoo,DC=com
Member ID: LTDTOO\TOOADMIN
Target Account Name: Exchange Domain Servers
Target Domain: LTDTOO
Target Account ID: LTDTOO\Exchange Domain Servers
Caller User Name: EXCH$
Caller Domain: LTDTOO
Caller Logon ID: (0x0,0xB76B576)
Privileges: -
More Information:
User EXCH$ from domain LTDTOO has added a user account named
CN=TOOADMIN,OU=Service Accounts,OU=TOOBRANDS,DC=limitedtoo,DC=com to the
Security Enabled Global Group Exchange Domain Servers under domain LTDTOO.
Possible causes for the generation of this event are
(1) Normal administration operation performed by the Administrator on the
system organizational structure.
(2) After a successful intrusion, the intruder could alter the
organizational structure, if the account he gained access to has the
necessary rights to allow him to do so.
___________________________________________
Please advise and your assistance is greatly appreciated.
Thanks.