Microsoft-Windows-DirectoryServices-Deployment
6 events across 1 channel
| Event | Title | Channel | Sample |
|---|---|---|---|
| 100 | Prop_UnicodeString. | Operational | Y |
| 101 | Prop_UnicodeString. | Operational | N |
| 102 | Prop_UnicodeString. | Operational | Y |
| 103 | Prop_UnicodeString. | Operational | Y |
| 104 | Prop_UnicodeString. | Operational | Y |
| 105 | Prop_UnicodeString. | Operational | N |
Event ID 100: Prop_UnicodeString.
Description
Prop_UnicodeString
Message
Fields
| Name | Description |
|---|---|
| Prop_UnicodeString UnicodeString | |
Example Event
```json
{
  "system": {
    "provider": "Microsoft-Windows-DirectoryServices-Deployment",
    "guid": "71B4B0DA-68D5-4925-9F9B-61750F989527",
    "event_source_name": "",
    "event_id": 100,
    "version": 0,
    "level": 4,
    "task": 2,
    "opcode": 0,
    "keywords": 4611686018427387904,
    "time_created": "2022-04-07T17:10:43.862648+00:00",
    "event_record_id": 130,
    "correlation": {
      "ActivityID": "DD7B0B6A-4A9E-0000-77A9-7BDD9E4AD801"
    },
    "execution": {
      "process_id": 1460,
      "thread_id": 4080
    },
    "channel": "Microsoft-Windows-DirectoryServices-Deployment/Operational",
    "computer": "WIN-FPV0DSIC9O6",
    "security": {
      "user_id": "S-1-5-21-2121334350-1110938707-2888912545-500"
    }
  },
  "event_data": {
    "Prop_UnicodeString": "Leaving method: PrerequisitesExecutor.RunAllTests"
  },
  "message": ""
}
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 101: Prop_UnicodeString.
Event ID 102: Prop_UnicodeString.
Description
Prop_UnicodeString
Message
Fields
| Name | Description |
|---|---|
| Prop_UnicodeString UnicodeString | |
Example Event
```json
{
  "system": {
    "provider": "Microsoft-Windows-DirectoryServices-Deployment",
    "guid": "71B4B0DA-68D5-4925-9F9B-61750F989527",
    "event_source_name": "",
    "event_id": 102,
    "version": 0,
    "level": 2,
    "task": 2,
    "opcode": 0,
    "keywords": 4611686018427387904,
    "time_created": "2022-04-07T17:09:55.286862+00:00",
    "event_record_id": 27,
    "correlation": {
      "ActivityID": "DD7B0B6A-4A9E-0000-98A1-7BDD9E4AD801"
    },
    "execution": {
      "process_id": 1460,
      "thread_id": 1000
    },
    "channel": "Microsoft-Windows-DirectoryServices-Deployment/Operational",
    "computer": "WIN-FPV0DSIC9O6",
    "security": {
      "user_id": "S-1-5-21-2121334350-1110938707-2888912545-500"
    }
  },
  "event_data": {
    "Prop_UnicodeString": "SelectDeploymentOperationViewModel.ValidateDomainName: Invalid Domain Name"
  },
  "message": ""
}
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 103: Prop_UnicodeString.
Description
Prop_UnicodeString
Message
Fields
| Name | Description |
|---|---|
| Prop_UnicodeString UnicodeString | |
Example Event
```json
{
  "system": {
    "provider": "Microsoft-Windows-DirectoryServices-Deployment",
    "guid": "71B4B0DA-68D5-4925-9F9B-61750F989527",
    "event_source_name": "",
    "event_id": 103,
    "version": 0,
    "level": 4,
    "task": 1,
    "opcode": 0,
    "keywords": 4611686018427387904,
    "time_created": "2022-04-07T17:10:43.775672+00:00",
    "event_record_id": 127,
    "correlation": {
      "ActivityID": "DD7B0B6A-4A9E-0001-F797-7BDD9E4AD801"
    },
    "execution": {
      "process_id": 5272,
      "thread_id": 1872
    },
    "channel": "Microsoft-Windows-DirectoryServices-Deployment/Operational",
    "computer": "WIN-FPV0DSIC9O6",
    "security": {
      "user_id": "S-1-5-21-2121334350-1110938707-2888912545-500"
    }
  },
  "event_data": {
    "Prop_UnicodeString": "Leaving method: Prerequisites.VerifyLegacyDcPromoCore Return value: Microsoft.DirectoryServices.Deployment.Types.Result{Context=DCPromo.General.22,Message=The TCP/IP networking protocol must be properly configured. Complete the configuration before you proceed.\r\n}"
  },
  "message": ""
}
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 104: Prop_UnicodeString.
Description
Prop_UnicodeString
Message
Fields
| Name | Description |
|---|---|
| Prop_UnicodeString UnicodeString | |
Example Event
```json
{
  "system": {
    "provider": "Microsoft-Windows-DirectoryServices-Deployment",
    "guid": "71B4B0DA-68D5-4925-9F9B-61750F989527",
    "event_source_name": "",
    "event_id": 104,
    "version": 0,
    "level": 3,
    "task": 1,
    "opcode": 0,
    "keywords": 4611686018427387904,
    "time_created": "2022-04-07T17:10:43.778531+00:00",
    "event_record_id": 128,
    "correlation": {
      "ActivityID": "DD7B0B6A-4A9E-0001-F797-7BDD9E4AD801"
    },
    "execution": {
      "process_id": 5272,
      "thread_id": 1872
    },
    "channel": "Microsoft-Windows-DirectoryServices-Deployment/Operational",
    "computer": "WIN-FPV0DSIC9O6",
    "security": {
      "user_id": "S-1-5-21-2121334350-1110938707-2888912545-500"
    }
  },
  "event_data": {
    "Prop_UnicodeString": "Windows Server 2022 domain controllers have a default for the security setting named \"Allow cryptography algorithms compatible with Windows NT 4.0\" that prevents weaker cryptography algorithms when establishing security channel sessions.\r\n\r\nFor more information about this setting, see Knowledge Base article 942564 (http://go.microsoft.com/fwlink/?LinkId=104751)."
  },
  "message": ""
}
```
References
- Example event sourced from https://github.com/NextronSystems/evtx-baseline
Event ID 105: Prop_UnicodeString.
Provenance
Where this provider's schema came from, and which Windows build it was observed on. Windows can change a provider's event schema between builds, so use this to judge whether it matches the build you collect from.
ETW provider GUID 71b4b0da-68d5-4925-9f9b-61750f989527
Defined in DsDeployRes.dll, which carries the event manifest.
Observed on:
- WS2022-20348.4893, schema read from the registered manifest, binary version 10.0.20348.1, captured 2026-06-02