No announcement yet.

Who created the AD Object ?

  • Filter
  • Time
  • Show
Clear All
new posts

  • Who created the AD Object ?

    When an object is created in Active Directory by a member of the Domain Admins group, and you view security - owner, the owner is always displayed as the members of the Domain\Administrators group...

    Therefore it will display Domain\Domain Admins as there are no individual user accounts in the Administrators group.

    In our environment the Admins are in the root domain so again the owner is RootDomain\Domain Admins.

    I want it to display the actual user account... Is there any setting to do this ???

    I thought I found the answer with this technet article.

    I created the GPO but on further testing it only appears to work when viewing owners of files\folders not on AD Objects..

    Any help would be greatly appreciated..


  • #2
    Re: Who created the AD Object ?

    Do I take it, with the lack of replies, that this is NOT possible ???


    • #3
      Re: Who created the AD Object ?

      I don't really know if this is possible.
      Maybe you can do something with auditing to monitor this kind of activities.
      Technical Consultant

      MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
      "No matter how secure, there is always the human factor."

      "Enjoy life today, tomorrow may never come."
      "If you're going through hell, keep going. ~Winston Churchill"


      • #4
        Re: Who created the AD Object ?

        I did some research and it doesn't seem like you can identify the creator of an Active Directory object unless you have enabled Auditing for that event, except if you go through security logs - someone said they had done it that way although I think that person had altered logging, I do not think that event is logged default.

        Copy Paste from


        Each Active Directory object has an owner. She can always control the permissions for her object. That is, she can decide who can access that object and in what way. Of course, anyone who has the Modify Permissions permission can control permissions, too.

        By default, the owner is the user who created the object. However
        - If the creator is a member of Domain Admins, that group is the owner.
        - If the creator is not a member of Domain Admins, but is a member of Administrators, the latter group is the owner.
        A wise man once said: "Assumption is the mother of all fu*k ups".

        Any advice I give is to the best of my knowledge, there is no guarantee what so ever that it will actually work in your particular scenario. I will not accept any responsibility for unexpected consequences, after all - you are taking advice from a complete stranger over the internet. =)