Hello Jim,
Thank you for posting in Q&A forum.
Event ID 4662 is logged when an operation is performed on an object within Active Directory. This event is typically generated when a user creates, modifies, or deletes objects in the Active Directory.
This event can generate a high volume of logs, especially on domain controllers, as it tracks various operations on AD objects.
Frequent logging of Event ID 4662 can be due to normal AD operations, third-party applications interacting with AD, or even corrupted system files.
If you want to turn off or reduce them, you could try these:
- Adjust Audit Policies:
• Open the Group Policy Management Console (GPMC).
• Navigate to Computer Configuration > Policies > Windows Settings > Security Settings > Advanced Audit Policy Configuration > Audit Policies.
• Adjust the settings under Directory Service Access to reduce the number of logged events.
- Filter Event Logs:
• Create custom views in Event Viewer to filter out less critical events:
• Open Event Viewer and navigate to the Security log.
• Click on Create Custom View in the Actions pane.
• Set the filter criteria to exclude Event ID 4662.
- Disable Specific Auditing:
• If certain operations are generating excessive logs, you can disable auditing for those specific operations:
• Open the Active Directory Users and Computers console.
• Right-click the domain or organizational unit (OU) and select Properties.
• Go to the Security tab and click Advanced.
• In the Advanced Security Settings window, go to the Auditing tab and adjust the entries to reduce the scope of auditing.
I hope the information above is helpful.
If you have any questions or concerns, please feel free to let us know.
Best Regards,
Daisy Zhou
============================================
If the Answer is helpful, please click "Accept Answer" and upvote it.