modify subscription filter Active Directory changes


modify subscription filter Active Directory changes

geneva

I created a subscription in Supercharger using Builtin- Security: Active Directory Changes. But it doesn't collect Users that are Enabled, event ID:4722. I modified the filter, replaced event ID 4716 to 4722. But still no 4722 showing in event viewer on supercharger but I can see it in the domain controller. Can you help me with this please? 

Tamas Lengyel

geneva - 11/4/2020
I created a subscription in Supercharger using Builtin- Security: Active Directory Changes. But it doesn't collect Users that are Enabled, event ID:4722. I modified the filter, replaced event ID 4716 to 4722. But still no 4722 showing in event viewer on supercharger but I can see it in the domain controller. Can you help me with this please? 

4722 is not falling in any of the ranges specified by the filter.

Please note that &gt; stands for > and &lt; stands for <. Accordingly,
(EventID &gt;= 4716 and EventID &lt;= 4720) or (EventID &gt;= 4725 and EventID &lt;= 4735)
means
(EventID <= 4716 and EventID >= 4720) or (EventID <= 4725 and EventID >= 4735)

So, event IDs 4716-4720 and 4725-4735 are selected.
To include event ID 4722, you can add "or EventID = 4722", like this:
(EventID &gt;= 4716 and EventID &lt;= 4720) or EventID = 4722 or (EventID &gt;= 4725 and EventID &lt;= 4735)

GO


Similar Topics


Reading This Topic


Login
Existing Account
Email Address:


Password:


Select a Forum....








LOGbinder Forum


Search