Yes, if the value is populated, adfind will decode it to a friendly format SID string.
joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Cliffe Sent: Monday, March 14, 2005 3:36 PM To: [email protected] Subject: RE: [spam] RE: [ActiveDir] Workstation Add User I have found the security log to be the most reliable source for this type of info. Of course if you're not using MOM, or some other event log mining utility, it makes this particular solution kind of difficult. The alternate way (not pleasing either): dsquery * "cn=ComputerName,dc=company,dc=com" -attr ms-ds-creatorsid This should spit out the SID of the security principal that created the object. It only does this in HEX though. The last two bytes are the RID of the user, which, after making into WORD order and then changing to decimal, you then prepend with your domain SID in order to translate into a user name! (the domain SID is in the output too, but hopefully that is already known to you) Sorry that the last paragraph is a mess! I can try to clarify with an example, but maybe Joe's ADFIND already goes one or two better than this and does some translating? I haven't had a chance to play with it yet. -DaveC Reuters CIO Infrastructure -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas M. Long Sent: Monday, March 14, 2005 2:43 PM To: [email protected] Subject: [spam] RE: [ActiveDir] Workstation Add User Owner of the computer? I see no such attribute, what am I missing? -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Thorbj�rn Sj�vold Sent: Monday, March 14, 2005 2:14 PM To: [email protected] Subject: RE: [ActiveDir] Workstation Add User When the computer object is created the Owner of the computer object is the user that added the computer, but of course this is a value that can be changed if someone have the correct permissions. And another thing that might spoil your statistics is that if a member of Domain Admins add the computer then Domain Admins is the owner and not the specific administrator. Thorbj�rn Sj�vold Special Operations Software www.specopssoft.com thorbjorn.sjovold a t specopssoft.com Specops Deploy, Takes Group Policy Based Software Deployment to the next level -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Douglas M. Long Sent: Monday, March 14, 2005 7:54 PM To: [email protected] Subject: [ActiveDir] Workstation Add User Is there a way to tell who added a machine to the domain? I would like to do this to get some statistics on who is actually adding machines. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ ----------------------------------------------------------------- Visit our Internet site at http://www.reuters.com To find out more about Reuters Products and Services visit http://www.reuters.com/productinfo Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of Reuters Ltd. List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
