Determine details surrounding rogue account creation
Posted on 2008-10-19
I see that someone created a new Active Directory account at 2am last night, suspiciously named "Admin." How can I learn details relating to this event? I'd like to know:
a) What user account was used to create the account
b) What machine it was created from
c) Whether or not this new account has actually been used
My server is Windows 2000 Server with service pack 4.