<div>
You can find out if you're lucky. &nbsp;If you do backups of your DC and include the Security Log you can restore that log from backup for the day the user object was created. &nbsp;If your logs don't roll over too quickly you may be able to find the userid object creation event.<br />
<br />
This is the only way you'd be able to find this info out at this point<br />
<br />
And it wouldn't be a report, it'd be one at a time.<br />
<br />
Good Luck,<br />
- gurutc
</div>


You can find out if you're lucky.  If you do backups of your DC and include the Security Log you can restore that log from backup for the day the user object was created.  If your logs don't roll over too quickly you may be able to find the userid object creation event.

This is the only way you'd be able to find this info out at this point

And it wouldn't be a report, it'd be one at a time.

Good Luck,
- gurutc

<div>
What if I have a report of specific user object's samaccountname is there an ADSI query or edit that can be run against those samaccountnames to determine which samaccountname was initially used to create? Thank you
</div>


What if I have a report of specific user object's samaccountname is there an ADSI query or edit that can be run against those samaccountnames to determine which samaccountname was initially used to create? Thank you

<div>
There isn't an ADSI query that will do what you need. &nbsp;There's no attribute in AD for 'userid object creator.' &nbsp;The only place that ever records the creation of a userid object is the Security Log, which rolls over too quickly to help most of the time.<br />
<br />
Sorry to tell you that.<br />
<br />
- gurutc
</div>


There isn't an ADSI query that will do what you need.  There's no attribute in AD for 'userid object creator.'  The only place that ever records the creation of a userid object is the Security Log, which rolls over too quickly to help most of the time.

Sorry to tell you that.

- gurutc

<div>
<div class="content wysiwyg-content">
I would like to know if there is a query (preferably csvde command line) to report the samaccountname that was initially used to create user objects. Thank you
</div>
</div>


I would like to know if there is a query (preferably csvde command line) to report the samaccountname that was initially used to create user objects. Thank you

Query AD user objects to report the samaccountname that was initially used to create user objects

Active Directory (AD) is a Microsoft brand for identity-related capabilities. In the on-premises world, Windows Server AD provides a set of identity capabilities and services, and is hugely popular (88% of Fortune 1000 and 95% of enterprises use AD). This topic includes all things Active Directory including DNS, Group Policy, DFS, troubleshooting, ADFS, and all other topics under the Microsoft AD and identity umbrella.