Events 5136, 5137, 5141 are only logged on the Master Domain Controller

Scorpion 0 Reputation points

I have enabled the auditing of Directory Service Objects (DS Objects), essentially to monitor the creation, deletion and modification of GPOs. I have two domain controllers, DC1 and DC2; DC1 is the Master DC. I'm using Windows Server 2022, on-premises.

When I run, on DC2, a creation, deletion, or modification of a GPO, I assumed those would be logged on the same DC2; but when I looked for the events in the Event Viewer, security panel, there was nothing. However, those events had been logged on DC1.

Shouldn't changes applied to GPOs in a particular DC allow events to be logged on that DC? I need help with this.


1 answer

  1. Thameur-BOURBITA 15,811 Reputation points

    Hi @Scorpion

    Check if DC1 hosts the PDC role.

    By default, the GPMC console is connected to the PDC when you try to modify a GPO.

    Please don't forget to mark a helpful answer as accepted.
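
The check suggested in the answer, plus a sweep of every DC's Security log for GPO-related 5136/5137/5141 events, as an added example that is not part of the original thread. It assumes the ActiveDirectory module (RSAT) is installed and that the account can read the Security log on each DC; the 24-hour window is an arbitrary choice.

```powershell
# Added example (not from the thread). Shows which DC holds the PDC emulator
# role and on which DC each GPO change event was actually written.
Import-Module ActiveDirectory

$pdc   = (Get-ADDomain).PDCEmulator        # FQDN of the PDC emulator
$since = (Get-Date).AddHours(-24)          # assumed look-back window
$ids   = 5136, 5137, 5141                  # DS object modified / created / deleted

$results = foreach ($dc in Get-ADDomainController -Filter *) {
    $filter = @{ LogName = 'Security'; Id = $ids; StartTime = $since }
    try {
        $events = Get-WinEvent -ComputerName $dc.HostName -FilterHashtable $filter -ErrorAction Stop
    } catch {
        # Get-WinEvent throws when nothing matches; treat that as zero events,
        # but surface real failures (access denied, RPC unavailable).
        if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') {
            Write-Warning "$($dc.HostName): $($_.Exception.Message)"
        }
        $events = @()
    }

    foreach ($e in $events) {
        # Flatten the EventData name/value pairs into a hashtable.
        $data = @{}
        ([xml]$e.ToXml()).Event.EventData.Data | ForEach-Object { $data[$_.Name] = $_.'#text' }

        # Keep only changes to GPO objects in the directory.
        if ($data['ObjectClass'] -ne 'groupPolicyContainer') { continue }

        [pscustomobject]@{
            LoggedOn = $dc.HostName
            IsPDC    = ($dc.HostName -eq $pdc)
            Time     = $e.TimeCreated
            EventId  = $e.Id
            User     = $data['SubjectUserName']
            ObjectDN = $data['ObjectDN']
        }
    }
}

"PDC emulator: $pdc"
$results | Sort-Object Time | Format-Table -AutoSize
$results | Group-Object LoggedOn, EventId | Select-Object Name, Count
```

These events are written only on the DC that performs the directory write, so GPO change monitoring needs to collect the Security log from every DC rather than from one.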