S
Steven T
Here's what happened.
In the AD, there are 2 domain controllers, both are running W2K Server w/SP4
In the event log of the First DC(which holds all the FSMO roles), event id
643 appeared
every 5 minutes for the whole day. It act as a File server as well as a
print server. It is located in a closed network and no one using
the network should have a user right more than an ordinary domain user.
The holder of the adminitrator account(The companies' Vice President) have
no
physical access to the network. No tasks were scheduled to run every 5
minutes.
And the strange thing is, the events does not appear in the other domain
controller.
Can anyone suggest a possiblity of what's happening??
I searched through TechNet and could find no clue of this...
Thank you.
Below is an extract of the event log:
7/8/2004 12:01:09 AM 8 7 643 Security NT AUTHORITY\SYSTEM DC1 Password
Policy DOMAIN %{S-1-5-21-602162358-1644491937-682003330} DC1$ DOMAIN
(0x0,0x3E7) -
7/8/2004 12:06:26 AM 8 7 643 Security NT AUTHORITY\SYSTEM DC1 Password
Policy DOMAIN %{S-1-5-21-602162358-1644491937-682003330} DC1$ DOMAIN
(0x0,0x3E7) -
7/8/2004 12:11:34 AM 8 7 643 Security NT AUTHORITY\SYSTEM DC1 Password
Policy DOMAIN %{S-1-5-21-602162358-1644491937-682003330} DC1$ DOMAIN
(0x0,0x3E7) -
7/8/2004 12:16:41 AM 8 7 643 Security NT AUTHORITY\SYSTEM DC1 Password
Policy DOMAIN %{S-1-5-21-602162358-1644491937-682003330} DC1$ DOMAIN
(0x0,0x3E7) -
7/8/2004 12:21:48 AM 8 7 643 Security NT AUTHORITY\SYSTEM DC1 Password
Policy DOMAIN %{S-1-5-21-602162358-1644491937-682003330} DC1$ DOMAIN
(0x0,0x3E7) -
7/8/2004 12:26:55 AM 8 7 643 Security NT AUTHORITY\SYSTEM DC1 Password
Policy DOMAIN %{S-1-5-21-602162358-1644491937-682003330} DC1$ DOMAIN
(0x0,0x3E7) -
In the AD, there are 2 domain controllers, both are running W2K Server w/SP4
In the event log of the First DC(which holds all the FSMO roles), event id
643 appeared
every 5 minutes for the whole day. It act as a File server as well as a
print server. It is located in a closed network and no one using
the network should have a user right more than an ordinary domain user.
The holder of the adminitrator account(The companies' Vice President) have
no
physical access to the network. No tasks were scheduled to run every 5
minutes.
And the strange thing is, the events does not appear in the other domain
controller.
Can anyone suggest a possiblity of what's happening??
I searched through TechNet and could find no clue of this...
Thank you.
Below is an extract of the event log:
7/8/2004 12:01:09 AM 8 7 643 Security NT AUTHORITY\SYSTEM DC1 Password
Policy DOMAIN %{S-1-5-21-602162358-1644491937-682003330} DC1$ DOMAIN
(0x0,0x3E7) -
7/8/2004 12:06:26 AM 8 7 643 Security NT AUTHORITY\SYSTEM DC1 Password
Policy DOMAIN %{S-1-5-21-602162358-1644491937-682003330} DC1$ DOMAIN
(0x0,0x3E7) -
7/8/2004 12:11:34 AM 8 7 643 Security NT AUTHORITY\SYSTEM DC1 Password
Policy DOMAIN %{S-1-5-21-602162358-1644491937-682003330} DC1$ DOMAIN
(0x0,0x3E7) -
7/8/2004 12:16:41 AM 8 7 643 Security NT AUTHORITY\SYSTEM DC1 Password
Policy DOMAIN %{S-1-5-21-602162358-1644491937-682003330} DC1$ DOMAIN
(0x0,0x3E7) -
7/8/2004 12:21:48 AM 8 7 643 Security NT AUTHORITY\SYSTEM DC1 Password
Policy DOMAIN %{S-1-5-21-602162358-1644491937-682003330} DC1$ DOMAIN
(0x0,0x3E7) -
7/8/2004 12:26:55 AM 8 7 643 Security NT AUTHORITY\SYSTEM DC1 Password
Policy DOMAIN %{S-1-5-21-602162358-1644491937-682003330} DC1$ DOMAIN
(0x0,0x3E7) -