Identifying the creator of an Active Directory User



This is a weird one. Recently a new active directory
user "appeared" in our ad database. None of our
administrators claim to have created this object. There is
a created date, but we want to identify how this object
could get here without actually creating it manually. Is
there a way to identify the creation person or method of
creations for this object.

Thanks in advance,


Joe Richards [MVP]

Unless you have logging enabled you are pretty much hosed. You can try looking at the ACLs to see if there is the ACL of
a specific person tacked onto it but if everyone is a full administrator, it is just going to show administrators, not a
specific person.

This is why you shouldn't have but maybe 3 full admins tops. We support 400 domain controllers around the world with
250,000 userids, 150,000 contacts hundreds of thousands of machines and have 3 full admins, everyone else has delegated

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question