Windows Security Logs-4662

Glenn Maxwell 12,876 Reputation points
2023-01-05T12:08:45.96+00:00

Hi All

Can anyone help me with the log below? Does this happen on the domain controller on a daily basis, or does this log get generated only if someone triggers it? I have 10 domain controllers, and this log got generated on the first domain controller, and it is not a PDC.

<Event xmlns='http://schemas.microsoft.com/win/2004/08/events/event'>
<System>
<Provider Name='Microsoft-Windows-Security-Auditing' Guid='{58236987-1973-5689-K9*W-JIO56JIU670A}'/>
<EventID>4662</EventID>
<Version>0</Version>
<Level>0</Level>
<Task>14080</Task>
<Opcode>0</Opcode>
<Keywords>0x8020000000000000</Keywords>
<TimeCreated SystemTime='2022-12-31T07:10:17.672402600Z'/>
<EventRecordID>2702254170</EventRecordID>
<Correlation ActivityID='{D04EC773-F34C-002B-9FB2-D7861BFFD801}'/>
<Execution ProcessID='2416' ThreadID='18328'/>
<Channel>Security</Channel>
<Computer>mydc01.contoso.com</Computer>
<Security/>
</System>
<EventData>
<Data Name='SubjectUserSid'>NT AUTHORITY\SYSTEM</Data>
<Data Name='SubjectUserName'>MYDC01$</Data>
<Data Name='SubjectDomainName'>CONTOSO</Data>
<Data Name='SubjectLogonId'>0x9440883ce</Data>
<Data Name='ObjectServer'>DS</Data>
<Data Name='ObjectType'>domainDNS</Data>
<Data Name='ObjectName'>DC=contoso,DC=com</Data>
<Data Name='OperationType'>Object Access</Data>
<Data Name='HandleId'>0x0</Data>
<Data Name='AccessList'>%%7688</Data>
<Data Name='AccessMask'>0x100</Data>
<Data Name='Properties'>%%7688 Replicating Directory Changes All domainDNS</Data>
<Data Name='AdditionalInfo'>-</Data>
<Data Name='AdditionalInfo2'></Data>
</EventData>
</Event>

Accepted answer
  1. Anonymous
    2023-01-05T16:01:12.61+00:00

    Something here could help. Looks like an audit policy was enabled.
    https://learn.microsoft.com/en-us/windows/security/threat-protection/auditing/event-4662
    https://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4662

    --please don't forget to upvote and Accept as answer if the reply is helpful--
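
An added example (not code from this thread or from Microsoft) of one way to triage events like the one in the question: it reads a 4662 event, pulls the replication control access rights out of `Properties`, and marks the event as expected when the subject is a domain controller machine account, as `MYDC01$` is in the posted log. The function names, the DC inventory, the `svc-report` account and the sample events are constructed assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Replication control access rights: GUID (raw event XML) -> display name (rendered view).
REPLICATION_RIGHTS = {
    "1131f6aa-9c07-11d1-f79f-00c04fc2dcd2": "Replicating Directory Changes",
    "1131f6ad-9c07-11d1-f79f-00c04fc2dcd2": "Replicating Directory Changes All",
    "89e95b76-444d-4c62-991a-0facbeda640c": "Replicating Directory Changes In Filtered Set",
}

def replication_rights(properties):
    """Return the replication rights named in a 4662 Properties value."""
    text = " ".join(properties.lower().split())
    found = set()
    # Longest names first so "... Changes All" is not also counted as "... Changes".
    for guid, name in sorted(REPLICATION_RIGHTS.items(), key=lambda kv: -len(kv[1])):
        for token in ("{" + guid + "}", name.lower()):
            if token in text:
                found.add(name)
                text = text.replace(token, " ")
    return sorted(found)

def triage_4662(event_xml, dc_accounts):
    """Classify one event; dc_accounts is an assumed inventory of DC machine accounts."""
    root = ET.fromstring(event_xml)
    if root.findtext("e:System/e:EventID", default="", namespaces=NS) != "4662":
        return {"verdict": "not-4662"}
    data = {d.get("Name"): (d.text or "").strip()
            for d in root.iterfind("e:EventData/e:Data", NS)}
    rights = replication_rights(data.get("Properties", ""))
    subject = data.get("SubjectUserName", "")
    if not rights:
        verdict = "no-replication-right"
    elif subject.lower() in {a.lower() for a in dc_accounts}:
        verdict = "expected-dc-replication"  # a DC pulling changes from a partner
    else:
        verdict = "review"  # replication right exercised by a non-DC account
    return {"subject": subject, "object": data.get("ObjectName", ""), "rights": rights, "verdict": verdict}

def sample_event(subject, properties):
    """Build a constructed, minimal 4662 event for the demo (not a real log record)."""
    return (f"<Event xmlns='{NS['e']}'><System><EventID>4662</EventID></System>"
            f"<EventData><Data Name='SubjectUserName'>{subject}</Data>"
            "<Data Name='ObjectName'>DC=contoso,DC=com</Data>"
            f"<Data Name='Properties'>{properties}</Data></EventData></Event>")

if __name__ == "__main__":
    for who, props in (("MYDC01$", "%%7688 Replicating Directory Changes All domainDNS"),
                       ("svc-report", "%%7688 {1131f6ad-9c07-11d1-f79f-00c04fc2dcd2}")):
        print(triage_4662(sample_event(who, props), ["MYDC01$", "MYDC02$"]))
```

The `review` verdict is a prompt to check whether that account is supposed to hold replication rights (for example a directory synchronization service), not a finding on its own.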
