• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 354
  • Last Modified:

vbscript: Field Used to Determine Who Added a PC to Active Directory

I have to right a script to determine who added a pc to a directory. What's the name of that field that I need to search for?
  • 2
2 Solutions
Chris DentPowerShell DeveloperCommented:

There is no explicit attribute that will tell you who joined a system to the domain.

You might get somewhere with the managedBy attribute, however it is optional and probably not filled in.

Or you might be able to read the security descriptor and see if anyone has been granted explicit permission to modify the account. This normally occurs when you pre-stage accounts so someone else can join it to the domain.

However, if you don't use either of those then the only way you can tell who created the object is by enabling Auditing, and capturing the event from the Security Log (on each DC). Point in time auditing like that is not retroactive, you won't be able to see who created existing accounts (before auditing is enabled).

JB4375Author Commented:
OK... I found within Active Directory:
  • Properties
  • Security
  • Advanced Tab
  • Owner
  • Current Owner of this item: UserID  <-----This is the attribute I'm looking for.
JB4375Author Commented:
Ok... found a script that pulls it for anyone that's interested:
Set objUser = GetObject _

Set objNtSecurityDescriptor = objUser.Get("ntSecurityDescriptor")
WScript.Echo "Owner Tab"
WScript.Echo "Current owner of this item: " & objNtSecurityDescriptor.Owner

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now