Hi Luke,
To be more clear, please look the following example from Security Log -
Directory Service Access - Event ID 566:
----------------------------------------------------------------------------------------------
Object Operation:
Object Server: DS
Operation Type: Object Access
Object Type: %{bf967a9c-0de6-11d0-a285-00aa003049e2}
Object Name: %{4ca867ab-860a-43b6-a27b-ab1ecf631296}
Handle ID: -
Primary User Name: ALIENIII$
Primary Domain: LIFE
Primary Logon ID: (0x0,0xAAA)
Client User Name: someUser
Client Domain: someDomain
Client Logon ID: (0x0,0xBBBB)
Accesses: %Write Property
Properties:
%Write Property
%{bc0ac240-79a9-11d0-9020-00c04fc2d4cf}
%{bf9679c0-0de6-11d0-a285-00aa003049e2}
%{bf967a9c-0de6-11d0-a285-00aa003049e2}
Additional Info:
Additional Info2:
Access Mask: 0x20
----------------------------------------------------------------------------------------------
By checking the ReplacementStrings, " Object Name:
%{4ca867ab-860a-43b6-a27b-ab1ecf631296}", is in fact an objectGUID from
domain partition (an user in this case), but the others as "Object Type" and
"Properties" do not return anything, if searching with objectGUID on domain
partition or on the schema.
Today, by searching Google I saw that some strings can be schemaIDGUID and
not objectGUID. But how to know which is each case?
When searching should be did on domain by objectGUID or by schemaIDGUID on
schema?
Thanks in Advance
Washington Moreira
"Luke Zhang [MSFT]" wrote:
Do you mean properties like "logon guid" in security event log? They are
not always with a actual value. If you want to find an object with a GUID.
You may search by ObjectGUID.
Regards,
Luke Zhang
Microsoft Online Community Support
==================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
