Question : Windows 2003 active directory computer creation - who done it?

A unusual computer account has appeared in our midst and I am trying to query AD to determine which credentials it was entered when it was created. I was able to determine a time stamp but no account info. DOes anyone know how to determine this or what dsquery would get me there.....

Answer : Windows 2003 active directory computer creation - who done it?

You can enable auditing from Group Policy.

Default Domain Policy -> computer configuration->Windows Settings->Local Policies->Auditing.

Enable auditing for account management. Select Success and failure.

You can find name of the creator only if auditing is enabled.

Whenever an userId is created in AD, a security event 624 is generated. This contains the account created and the persons userid who had created the account.

Random Solutions

HTML formatting issue with Lotus Notes

Adding an IP Exclusion Range

PRI inbound calling failover, Cisco Call Manager

I can receive mail through a mail alias/forward, but cannot send mail from that account

Looking for hosting company

How could I improve the logon performance from WINXP workstation to the WIN2K server?

what does a web.xml do

Servers not replicating

Inherited permissions in Exchange

Windows System Error "duplicate name exists on the network