Event ID - 626

Event Id626
SourceSecurity
DescriptionUser Account Enabled:

Target Account Name: <Target Account Name>
      Target Domain: <Target Domain>
      Target Account ID: <Target Account ID>
      Caller User Name: <Caller User Name>
      Caller Domain: <Caller Domain>
      Caller Logon ID: <Caller Logon ID>     

Event InformationAccording to Microsoft :
Cause :
This event indicates that a disabled user account has been re-enabled. There can be security implications for this action.

On computers running Windows 2000 Server or later, this Security event and Security event 629 are replaced by Security event 642.
Resolution :
The person with administrative rights for the computer should confirm that there are no security implications because of this change.

-------------------------------------------------------------------------------------------

This success audit event will be logged in when a disabled user account has enabled.
Reference LinksEvent ID 626 from Source Security

Alternate Event ID in Vista and Windows Server 2008 is 4722.

Catch threats immediately

We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.

See what we caught

Did this information help you to resolve the problem?

Yes: My problem was resolved.
No: The information was not helpful / Partially helpful.
 Refresh