Checking Windows 2003 Server Security log for account creations?

Toggle sidebar Toggle sidebar
ultimatebob

ultimatebob

Lifer
Jul 1, 2001
25,134
2,450
126
Is there a way to filter the Windows Server 2003 Security log to show just Active Directory account creations? It looks like one of my more crafty customers conned someone on my team into creating two Domain Admin accounts for him, and I'm trying to figure out which admin was dumb enough to do it :)

The log is HUGE though, and I need a way just to filter out account creations. It there a particular task name or code that I should be filtering with?
 
E

elcamino74ss

Senior member
Jun 6, 2005
215
0
0
look for event id 624

Description:
User Account Created:
New Account Name: <account name>
New Domain: <domain name>
New Account ID: <id>
Caller User Name: <user creating the account>
Caller Domain: <user domain>
Caller Logon ID: <logon id>
Privileges
<list of privileges>
 
ultimatebob

ultimatebob

Lifer
Jul 1, 2001
25,134
2,450
126
Originally posted by: elcamino74ss
look for event id 624

Description:
User Account Created:
New Account Name: <account name>
New Domain: <domain name>
New Account ID: <id>
Caller User Name: <user creating the account>
Caller Domain: <user domain>
Caller Logon ID: <logon id>
Privileges
<list of privileges>
Click to expand...

That worked... thanks!
 
You must log in or register to reply here.

TRENDING THREADS

COMPANY
RESOURCES
FOLLOW
Top Bottom