Technology Tips and News
I need to setup audit on Domain Controllers to log who creates users.
Ie: if me, with my login user xpto-admin created user01, I need to be possible to realize that user01 was created by xpto-admin.
Is there any step-by-step or can you guide me to accomplish this task?
Thanks in advance.
FM
Read this and let us know if you have more questions.
https://technet.microsoft.com/en-us/library/Cc731607(v=WS.10).aspx
You have to enable auditing to get to know who created the account, and check the user meta to find when and which DC account has been created and check the security audit logs
https://support.microsoft.com/en-us/kb/232714
http://www.windowstricks.in/2015/05/active-directory-user-attributes-auditing-using-object-meta.html
You can do this by following the steps below:
1. Go to the Group Policy Management console.
2. Expand down to Group Policy Objects and create a new policy.
3. Edit the policy and browse down to the correct setting:
Computer Configuration > Policies > Windows Settings > Security Settings > Advanced Audit Configuration > Audit Policies > Account Management
4. Configure the Audit User Account Management, select Success
and Failure.
5. Run "Gpupdate /force" to update the policy setting.
Then, when every user account get created, you can monitor Event 4720
security log in the Event Viewer. It will show you the details of who created this user. For example:
A user account was created.
Subject:
Security ID: domainname\username
Account Name: username
Account Domain: domain
Logon ID: xxx
New Account:
Security ID: domainname\newusername
Account Name: newusername
Account Domain: domain
Hope this helps.
Regards,
Eth
Regards,
Eth
Regards,
Eth
This topic is archived. No further replies will be accepted.
Other recent topics
Click here to get your free copy of Network Administrator. Over 25 plugins to make your life easier