Question : LDAP Attribute of the Account Used to Add a Computer to Active Directory

We have a script that uses a database to assign recently added computers to the correct OU in Active Directory based on the computer name's prefix. The problem occurs when someone has an issue that prevents them from adding a particular computer name.

Rather than trying to figure out the issue or reporting it, they just name the computer anything to get it on the domain. I need to know what the attribute is for the person that created the computer object in order to run a report. Also, can this information be pulled once I have the computer's distinguished name?

Thanks!!

Answer : LDAP Attribute of the Account Used to Add a Computer to Active Directory

When an object is created in Active Directory by a member of the Domain Admins group, and you view security - owner, the owner is always displayed as the members of the Domain\Administrators group...

It doesn't seem like you can identify the creator of an Active Directory object unless you have enabled Auditing for that event, except if you go through security logs - someone said they had done it that way although I think that person had altered logging, I do not think that event is logged default.

Quote:-

Ownership
Each Active Directory object has an owner. She can always control the permissions for her object. That is, she can decide who can access that object and in what way. Of course, anyone who has the Modify Permissions permission can control permissions, too.

By default, the owner is the user who created the object. However
- If the creator is a member of Domain Admins, that group is the owner.
- If the creator is not a member of Domain Admins, but is a member of Administrators, the latter group is the owner.