Active directory account question

  • Last Post 14 August 2015
sumesh2279 posted this 13 August 2015

Team,
I see a couple of unknown accounts getting created in AD. By default, accounts are getting created by SAP when a user joins the organization. I see a couple of AD accounts which are not fully filled in with all details. I am wondering, is there any way to identify which application creates these accounts by checking the LDAP properties? Is there any PowerShell query which can be used?
Let me know your thoughts.
Sumesh

Tony posted this 14 August 2015

AD auditing is the best way to identify this sort of thing. You won't find it in the LDAP properties.

http://www.open-a-socket.com/index.php/2014/07/14/how-to-enable-active-directory-auditing/

Tony

aakash posted this 14 August 2015

For any existing accounts where auditing was not in place, this may help: if the new account is being created by an account that does not have domain admin permissions, then the Owner of the incomplete object will reveal which user account was used to create the object, which may help reveal who or what process is creating this.

-Aakash Shah

dddugan posted this 14 August 2015

And don’t forget the basic whenCreated, whenChanged attributes, if you don’t have event logs for some reason.

Darin
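
The owner and timestamp checks suggested in the replies above can be combined into one read-only query. This is an added example, not part of any poster's reply; the 30-day window and the list of attributes treated as "expected" are assumptions to adjust for your environment.

```powershell
# Added example: list recently created user objects with their owner and timestamps.
# Requires the ActiveDirectory module (RSAT). All queries are read-only.
Import-Module ActiveDirectory

# Assumption: the unknown accounts appeared within the last 30 days.
$since = (Get-Date).AddDays(-30)

# Assumption: attributes the normal SAP provisioning fills in; replace with your own list.
$expected = 'mail', 'department', 'title', 'manager'

$props = @('whenCreated', 'whenChanged', 'nTSecurityDescriptor') + $expected

$accounts = Get-ADUser -Filter 'whenCreated -ge $since' -Properties $props |
    ForEach-Object {
        $user = $_

        # Collect the expected attributes that are empty on this object.
        $missing = foreach ($name in $expected) {
            if (-not $user.$name) { $name }
        }

        [pscustomobject]@{
            SamAccountName = $user.SamAccountName
            WhenCreated    = $user.whenCreated
            WhenChanged    = $user.whenChanged
            # Owner from the object's security descriptor. As noted in the thread,
            # this only identifies the creator when the creating account does not
            # have domain admin permissions.
            Owner          = $user.nTSecurityDescriptor.Owner
            Missing        = $missing -join ','
        }
    }

# Incomplete accounts, oldest first, with who owns them.
$accounts |
    Where-Object { $_.Missing } |
    Sort-Object WhenCreated |
    Format-Table SamAccountName, Owner, WhenCreated, WhenChanged, Missing -AutoSize

# How many recent accounts each owner created: the usual provisioning account
# should dominate, and any other owner is worth following up.
$accounts |
    Group-Object Owner |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

Comparing `WhenCreated` across the incomplete accounts can also show whether they arrive in batches at a fixed time, which points to a scheduled process rather than a person.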