I turned on auditing for new computer accounts, but the logging doesn't seem to tell me much other than it was created and the account credentials of who created it and device name.... Will continue to look into it.
(we don't use InTune or AD FS) Jesse Rink Source One Technology, Inc. HP Partner 262 993 2231 ** Please visit our blog! http://www.sourceonetechnology.com/blog/ ________________________________________ From: [email protected] <[email protected]> on behalf of Brian Desmond <[email protected]> Sent: Wednesday, March 16, 2016 10:58 AM To: [email protected] Subject: [NTSysADM] RE: Strange computer accounts in AD You can enable auditing and see where they're coming from. Are they using Intune or AD FS with Workplace join? Thanks, Brian Desmond w - 312.625.1438 | c - 312.731.3132 -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Jesse Rink Sent: Wednesday, March 16, 2016 10:45 AM To: [email protected] Subject: [NTSysADM] Strange computer accounts in AD Haven't been able to make much sense of this so far... One of my customers is Mac-centric for their devices (50% Macbooks/iMac, 40% iPads, 10% PCs). Depending on who is using the MacBook, the devices are either a) joined to AD, or b) not joined to AD. I can obviously account for seeing Macbooks and iMacs in the Computer containers of AD once the Macbooks are joined. What I can't seem to account for it... How in the world I'm finding computer accounts for iPads in AD. The customer uses a standard naming convention here for devices, so I shouldn't be seeing computernames in AD's computers container like "AB-iPad-John-88" or "AB-iPad-Mike-77". Everyone in IT claims they wouldn't name a standard computer device with that naming convention and only use those naming conventions for iPad devices so.... if that's the case, why am I seeing computer accounts getting created with those names in AD? This doesn't happen for EVERY iPad deployed, but it seems like 5% of them? I typically just delete the computer account from AD which has yet to cause any complaining/problems... but eventually, more start to appear. I'm going to dig into Microsoft security auditing policies deeper and see if there's a way I can send new computer account creation logs to the Security Log, etc. maybe that'll give me more info how they're getting created. Jesse Rink Source One Technology, Inc. HP Partner 262 993 2231 ** Please visit our blog! http://www.sourceonetechnology.com/blog/
