As per Microsoft: "An attempt was made to access a directory service object. Success or failure is indicated in the message. If access was successful, the listed accesses were requested and granted. If access failed, the listed accesses were requested but not granted". See MSW2KDB
for more details on this event.
Audit events (event ID 565) for directory service access may contain truncated distinguished names for the Object Name entries. This problem may occur if the object server is "Security Account Manager." It is caused by the fact that the object name length is set to the number of characters, instead of to the number of bytes. The distinguished name is stored as Unicode, which causes only half of the string to be processed. See ME319672
to fix this problem.
After you configure security auditing on public folders that are in your Exchange 2000 Server organization, if the security events that are related to public folder access do not appear as you expect (you receive no indication about what particular event occurred) see ME810929
for a workaround.
After you turn on the audit directory service access policy in Active Directory Users and Computers, if when an object is deleted from the Active Directory directory service, the security event log does not record an event ID 565 event message for File Delete Child, see ME833873
for a hotfix.
Auditing event details may be reported incorrectly in your auditing logs. See ME836419
for details on this problem.
For additional information, see the following links: "Monitoring and Auditing for End Systems", "Microsoft Solution for Securing Windows 2000 Server", and ME329986