Active Directory 2008

Hi, a User has been created in AD, SBS 2008. the user is called ACCESS and has full admin rights. I know i never created this user.

The user has logged onto both the DC and TS servers.

Is there a way I can check to see when this user account was created, just after a date or date range.

Thanks
DansamCSAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JohnGrunwellCommented:
Open active directory, click on view at the top click add remove columns search for modified date and add it to the list
0
serchlopCommented:
You can verify the date of creation for an object in Active directory Users and Computers in menu View - Select Advanced Features

Then Select the object ACCESS, enter properties, select tab object and there you should view the creation date.
0
Lee W, MVPTechnology and Business Process AdvisorCommented:
I hope this is obvious... but just in case... CHANGE ALL YOUR PASSWORDS NOW.  And disable that account.
0
SandeshdubeySenior Server EngineerCommented:
Check the security log on the DC for below events this will give account creation date,the person who has created,etc.

Event id 4720 will be generated  on windows 2008 for account creation.
Event id 624 will be generated on windows 2003/2000  for account creation.

Reference:
http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=4720
http://www.ultimatewindowssecurity.com/securitylog/encyclopedia/event.aspx?eventid=624

This event will be generated if you have enabled Audit account management in the Default Domain Controller GPO.Also if the event is older it might get purge and you want be able to see the same even if the policy is enabled.

I would also recommed to enable Audit Directory Service Access if not enabled.This will give evidence if any change to Directory service is made,example delete of dns zone,changes to Active directory object,etc

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Legacy OS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.