Event ID 5136: A Directory Service Object was Modified [Fix]

This is a system information that shows changes made to an object

Reading time icon 3 min. read


Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

Key notes

  • The Event ID 5136 denotes that changes have been made to an audit object.
  • You can view the event details and the user that made the change in the Event Viewer.
event id 5136

The Event id 5136 is a prompt on the Windows server. This prompt is one of the less severe issues you can encounter, and you don’t need to panic upon seeing it.

In this detailed guide, we will detail everything you need to know about this prompt and how to get rid of it, just like we did with the Event ID 4726. Read on!

What is Event ID 5136?

The Event ID 5136 shows up whenever an Active Directory object is modified. Before this event can show up, there must be an appropriate entry in SACL for the modified entry.

You will likely see two 5136 events for one action in every change operation. This usually has different Operation\Type fields: Value Deleted and Value Added.

The Value Deleted denotes the initial value that was changed, while the Value Added will display the new value.

How can I fix Event ID 5136?

1. Use Event Viewer

  1. Press the Windows key + X and select the Event Viewer option.
    event viewer id 5136
  2. Select Windows LogsSecurity in the left pane.
    windows log
  3. Now, choose Event ID 5136 from the list of errors and go to General.
    general
  4. You can now check the Value Deleted and Value Added parameters and other information.

In most cases, Event ID 5136 is usually just system information that shows up when you make changes to your server. So, it normally does not require any action from the user.

However, you can still check important information like the user that made the change and the sort of changes made in the Event Viewer.

2. Make changes to your registry

  1. Press the Windows key + R, type regedit, and click the OK button.
    regedit event id 5136
  2. Navigate to the path below in the left pane: HKLM/System/CurrentControlSet/Services/NTDS/parameters
  3. Now, right-click the empty space in the right pane and select New > DWORD Value.
    new dword
  4. Enter Maximum Audit String Length as the name of the new DWORD and double-click it.
    max audit
  5. Next, set its value data to double the string length required because of the Unicode conversion. That is, enter 4000 Decimal if you need 2000 characters in the attribute value.
  6. Finally, restart the Active Directory Domain Services service.

If you want to get rid of the Event ID 5136 error, making changes to your registry is recommended. While this is unnecessary, it is still a nice workaround.

However, ensure to back up your registry before performing this in case of issues.

With this, we can conclude this guide on eliminating the Event ID 5136 error. This issue is usually just system information and does not require any action from you. So you don’t need to worry.

If you are facing a similar issue like Event ID 5145, check our detailed guide to resolve it.

Feel free to let us know the solution that helped you fix this issue in the comments below.

More about the topics: Event Viewer

User forum

0 messages