Event ID reference

2000

Informational

A user has requested access to a computer

2001

Informational

A user has been added to a local SAM group

2002

Informational

A user has been removed from a local SAM group

2003

Informational

The JIT worker service has created a new group

2004

Informational

The JIT worker service has deleted a group

2005

Informational

The JIT worker service has created a new dynamic group

2006

Informational

The JIT worker service has deleted a dynamic group

2007

Informational

JIT access has been granted to a user via PAM

2008

Informational

JIT access has been revoked from a user via PAM

2009

Informational

A user has requested access to a role

2010

Informational

JIT access has been granted to a user via the scheduler

2011

Informational

JIT access has been revoked from a user via the scheduler

2012

Informational

The JIT scheduler determined that the user no longer exists

2013

Informational

The JIT scheduler determined that the group no longer exists

2101

Informational

A computer authorization rule has been added

2102

Informational

A computer authorization rule has been deleted

2103

Informational

A computer authorization rule has been modified

2104

Informational

A role authorization rule has been added

2105

Informational

A role authorization rule has been deleted

2106

Informational

A role authorization rule has been modified

2200

Informational

The database does not exist

2201

Informational

The database has been created

2202

Informational

Database upgrade is required

2203

Informational

The database is being deleted

2204

Informational

The database has been deleted

2205

Informational

Database upgrade check is in progress

2206

Informational

Database upgrade has been completed

2207

Informational

Database upgrade is not required

2300

Informational

The master key has been exported

3000

Audit Success

A user has been authenticated

3001

Audit Success

Access to the computer's current local admin password has been granted

3002

Audit Success

Access to the computer's password history has been granted

3003

Audit Success

JIT access to a computer has been granted

3004

Audit Success

BitLocker access to a computer has been granted

3005

Audit Success

JIT access to a role has been granted

4000

Errors

SSO identity not found

4001

Errors

Computer not found in directory

4002

Errors

LAPS password not present

4003

Errors

Computer name is ambiguous

4004

Errors

A user request reason was required but it was not provided

4006

Errors

User certificate identity not found

4008

Errors

User certificate validation error

4009

Errors

Identity discovery error

4010

Errors

Computer discovery error

4011

Errors

No LAPS password history is available

4012

Errors

Authorization failed because there were no rules that matched for the specific user

4013

Errors

Authorization failed because there were no rules that matched for the requested computer

4014

Errors

Authorization failed

4015

Errors

Authorization was explicitly denied

4016

Errors

Authorization failed because a mandatory audit event failed to be delivered

4017

Errors

The IP-based rate limit was exceeded

4018

Errors

The user-based rate limit was exceeded

4019

Errors

BitLocker keys were not present for the specified computer

4020

Errors

Authorization failed because the rate limit was exceeded

4021

Errors

The search request returned too many results

5001

Errors

Failed to add a user to a local SAM group

5002

Errors

Failed to remove a user from a local SAM group

5003

Errors

Invalid certificate - invalid or unsupported URI scheme

5004

Errors

Unexpected error

5005

Errors

Error loading template resource

5006

Errors

Notification channel delivery error

5007

Errors

Unhandled error in background task

5008

Errors

Error processing an authorization rule

5009

Errors

JIT rollback is in progress

5010

Errors

JIT rollback failed

5011

Errors

JIT error

5012

Errors

An error occured in the pre-authorization process

5013

Errors

LAPS password history error

5014

Errors

LAPS password error

5015

Errors

Authorization error

5016

Errors

Application is not configured

5017

Errors

Certificate trust chain parsing issue

5018

Errors

Error looking up target directory

5019

Errors

Error creating authorization context

5020

Errors

Authorization context fallback

5021

Errors

Authorization context server cannot connect

5022

Errors

Invalid response from PowerShell security descriptor generator

5023

Errors

DN parse error

5024

Errors

Unexpected error in JIT worker

5025

Errors

Failed to create JIT worker group

5026

Errors

Failed to delete JIT worker group

5027

Errors

JIT worker USN fallback

5028

Errors

JIT dynamic group has invalid domain

5029

Errors

External authentication provider error

5030

Errors

Error processing authentication provider response

5031

Errors

Error looking up authentication directory

5032

Errors

Access denied by external authentication provider

5033

Errors

Certificate authentication access denied

5034

Errors

Certificate authentication error

5035

Errors

BitLocker key access error

5036

Errors

Error reading resource

5037

Errors

Error importing certificate

5038

Errors

Error exporting certificate

5039

Errors

The certificate could not be synchronized because the private key was not exportable

5040

Errors

Database upgrade error

5041

Errors

Database upgrade warning

5042

Errors

Database upgrade info

5048

Errors

Failed to check for new version

5049

Errors

Failed to check certificate expiry

5050

Errors

API is not enabled

5051

Errors

Database backup job failed

5052

Errors

Database initialization failed

5053

Errors

The scheduler failed to remove JIT membership

5054

Errors

The scheduler abandoned the membership removal job

5055

Errors

Password retrieval restricted by license

5056

Errors

Database maintenance job failed

5057

Errors

JIT worker job failed

5058

Errors

Certificate authentication failed because no certificate was presented

1000

The agent has started

1001

The agent has been disabled

1002

The LAPS agent is currently disabled

1020

The LAPS agent has been enabled

1004

The LAPS agent cannot run because it is running on a domain controller

1006

An unexpected exception occurred in the LAPS process

1007

An unexpected exception occurred in the agent

1008

The LAPS agent is not configured

1009

There was a conflict between the Access Manager Agent and the Windows LAPS agent. Only one may be active at any one time

1010

The password has expired

1011

Password has been set on the LAPS attribute

1012

Password has been set on the Access Manager attribute

1013

Password has been changed

1014

Failure in password expiry check

1015

Failure in password change

1017

LAPS conflict has been resolved

1018

No password change required

1019

UWF (Unified Write Filter) has been enabled

2001

Error in server connection

2002

Server credentials are not recognized

2003

No server is configured

2004

AADR (Azure Active Directory Registration) registration is not allowed

2005

AMS registration has been rejected

2006

AMS registration information is missing

2007

AD certificate private key is not available

2008

Impersonation failure

2009

AMS registration failed due to an invalid registration key

2010

Failed to enable the account

2011

Failed to reset the agent

2012

Server certificate has expired

2013

Server certificate hostname mismatch

2014

Server certificate validation failed

3001

Registration is not ready

3002

No suitable AAD (Azure Active Directory) tenant found

4001

AMS registration is pending

4002

AMS registration has been approved

4003

AMS registration is starting

4004

Secondary credentials have been registered

4005

Agent reset has been completed