Identifying the creator of an Active Directory User



This is a weird one. Recently a new Active Directory
user "appeared" in our AD database. None of our
administrators claim to have created this object. There is
a created date, but we want to identify how this object
could get here without actually creating it manually. Is
there a way to identify the creation person or method of
creation for this object?

Thanks in advance,


Joe Richards [MVP]

Unless you have logging enabled, you are pretty much hosed. You can try looking at the ACLs to see if there is the ACL of
a specific person tacked onto it, but if everyone is a full administrator, it is just going to show administrators, not a
specific person.

This is why you shouldn't have but maybe 3 full admins tops. We support 400 domain controllers around the world with
250,000 userids, 150,000 contacts, hundreds of thousands of machines and have 3 full admins, everyone else has delegated
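
The ACL check described in the reply above, as an added example that is not part of the original thread: it reads the owner and the explicit (non-inherited) ACEs from a security descriptor and reports whether they name a specific principal or only an admin group. The function name `Get-CreatorHint`, the RID-based heuristic, and both SDDL strings are assumptions constructed for illustration.

```powershell
# Added example: look for a specific principal on an object's security descriptor.
# On a live domain (RSAT ActiveDirectory module), the SDDL would come from:
#   (Get-ADUser -Identity <name> -Properties nTSecurityDescriptor).nTSecurityDescriptor.GetSecurityDescriptorSddlForm('All')
function Get-CreatorHint {
    param([Parameter(Mandatory)][string]$Sddl)

    $sd = [System.Security.AccessControl.RawSecurityDescriptor]::new($Sddl)

    # Owners that only tell you "a full admin did this":
    # BUILTIN\Administrators, Domain Admins (RID 512), Enterprise Admins (RID 519)
    $adminGroup = '^S-1-5-32-544$|^S-1-5-21-(\d+-){3}(512|519)$'
    # Heuristic (assumption): a domain SID with RID >= 1000 is a non-built-in account or group
    $named = '^S-1-5-21-(\d+-){3}\d{4,}$'

    # ACEs set directly on the object, not inherited from the parent container
    $explicit = foreach ($ace in $sd.DiscretionaryAcl) {
        if (-not $ace.IsInherited -and $ace.SecurityIdentifier.Value -match $named) {
            $ace.SecurityIdentifier.Value
        }
    }

    [pscustomobject]@{
        Owner             = $sd.Owner.Value
        OwnerIsAdminGroup = $sd.Owner.Value -match $adminGroup
        ExplicitTrustees  = @($explicit | Sort-Object -Unique)
    }
}

# Constructed sample descriptors (domain SID and RIDs are made up)
$dom = 'S-1-5-21-1111111111-2222222222-3333333333'

# Case 1: created by a delegated account; owner and an explicit ACE name RID 1105
$delegated = "O:$dom-1105G:$dom-513D:(A;;GA;;;$dom-1105)(A;CIID;GA;;;$dom-512)(A;;RC;;;AU)"

# Case 2: created by a full admin; owner is Domain Admins, no named explicit ACE
$fullAdmin = "O:$dom-512G:$dom-513D:(A;CIID;GA;;;$dom-512)(A;;RC;;;AU)"

Get-CreatorHint -Sddl $delegated | Format-List
Get-CreatorHint -Sddl $fullAdmin | Format-List
```

In the second case the descriptor carries no individual's SID, which is the situation the reply describes when everyone is a full administrator.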

