I see couple of unknown accounts getting created in AD. by default accounts are getting created by SAP when a user joins the organization , I see couple of AD accounts which are not fully filled with all details. I am wondering is there any way to identify which application creates these account by checking the LDAP properties ? Is there any PowerShell query which can be used.
Let me know your thoughts
Active directory account question
- 57 Views
- Last Post 14 August 2015
AD auditing in the best way to identify this sort of thing. You won't find it in the LDAP properties.
For any existing accounts where auditing was not in place, this may help: if the new account is being created by an account that does not have domain admin permissions, then
the Owner of the incomplete object will reveal which user account was used to create the object, which may help reveal who or what process is creating this.
And don’t forget the basic whenCreated, whenChanged attributes, if you don’t have event logs for some reason.