When you delegate tasks over several organizational units in Windows 2000, the "Target Account Name" field in audit event ID 628 is empty

Article translations Article translations
Article ID: 838611 - View products that this article applies to.
This article has been archived. It is offered "as is" and will no longer be updated.
Expand all | Collapse all

On This Page

Symptoms

On a Microsoft Windows 2000-based computer, you delegate some tasks over several organizational units (OU) to domain local groups in Active Directory. Then, audit event ID 628 is logged in the Security log. However, when you open audit event ID 628 in Event Viewer, you notice that the "Target Account Name" field is empty.

For example, you assign the domain local group the "Reset passwords on user accounts" permission for an OU. Then, an audit event ID 628 is logged in the Security log that resembles the following:


Event Type: Failure Event
Source: Security
Event Category: Account Management
Event ID: 628
Date: Date
Time: Time
User: DomainName\LocalGroupMember
Computer: ComputerName
Description:
User Account password set:
Target Account Name:
Target Domain: DomainName
Target Account ID: DomainName\UserName
Caller User Name: LocalGroupMember
Caller Domain: DomainName
Caller Logon ID: (0x0,0x83C437)

Cause

This issue occurs because of a side effect of the hotfix that is described in Knowledge Base article 822377. For more information about the hotfix that is described in Knowledge Base article 822377, click the following article number to view the article in the Microsoft Knowledge Base:
822377 Failure audit event ID 628 occurs when the domain local group member changes the password of another account

Resolution

Hotfix information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, submit a request to Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
http://support.microsoft.com/contactus/?ws=support
Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

Prerequisites

This hotfix requires Windows 2000 Service Pack 3 (SP3) or a later version.

Restart requirement

You must restart your computer after you apply this hotfix.

Hotfix replacement information

This hotfix does not replace any other hotfixes.

File information

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
Collapse this tableExpand this table
File nameFile versionFile sizeDateTimePlatform
Advapi32.dll5.0.2195.6876388,36824-Mar-200402:17x86
Browser.dll5.0.2195.686669,90424-Mar-200402:17x86
Dnsapi.dll5.0.2195.6824134,92824-Mar-200402:17x86
Dnsrslvr.dll5.0.2195.687692,43224-Mar-200402:17x86
Eventlog.dll5.0.2195.688347,88824-Mar-200402:17x86
Kdcsvc.dll5.0.2195.6890143,63224-Mar-200402:17x86
Kerberos.dll5.0.2195.6903210,19211-Mar-200402:37x86
Ksecdd.sys5.0.2195.682471,88821-Sep-200300:32x86
Lsasrv.dll5.0.2195.6902520,97611-Mar-200402:37x86
Lsass.exe5.0.2195.690233,55225-Feb-200423:59x86
Msv1_0.dll5.0.2195.6897123,15211-Mar-200402:37x86
Netapi32.dll5.0.2195.6897312,59224-Mar-200402:17x86
Netlogon.dll5.0.2195.6891371,47224-Mar-200402:17x86
Ntdsa.dll5.0.2195.68961,028,88024-Mar-200402:17x86
Samsrv.dll5.0.2195.6923392,46409-Apr-200420:09x86
Scecli.dll5.0.2195.6893111,37624-Mar-200402:17x86
Scesrv.dll5.0.2195.6903253,20024-Mar-200402:17x86
Sp3res.dll5.0.2195.68965,869,05605-Feb-200420:18x86
W32time.dll5.0.2195.682450,96024-Mar-200402:17x86
W32tm.exe5.0.2195.682457,10421-Sep-200300:32x86

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

More information

For more information about how hotfix packages are named, click the following article number to view the article in the Microsoft Knowledge Base:
816915 New file naming schema for Microsoft Windows software update packages
For more information, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates

Properties

Article ID: 838611 - Last Review: November 2, 2013 - Revision: 3.0
Applies to
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
Keywords: 
kbnosurvey kbarchive kbautohotfix kberrmsg kbbug kbfix kbhotfixserver kbqfe kbwin2000presp5fix KB838611

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com