FWIW, no new iPad accounts showing up in AD over the last 6 days. I do have Auditing enabled for any new creation of computer accounts, so when/if it continues to happen I should at least know the exact time it happened so I can check with the helpdesk/iPad techs to see if anyone deployed a new iPad or did anything memorable at that time that could help me track this down..
Jesse Rink Source One Technology, Inc. HP Partner 262 993 2231 ** Please visit our blog! http://www.sourceonetechnology.com/blog/ -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Jesse Rink Sent: Wednesday, March 16, 2016 11:42 AM To: [email protected] Subject: Re: [NTSysADM] Re: Strange computer accounts in AD The OS version on these iPad computer accounts always shows 10.10.3 or 10.10.4 or 10.10.5 , and Mac OS X... Jesse Rink Source One Technology, Inc. HP Partner 262 993 2231 ** Please visit our blog! http://www.sourceonetechnology.com/blog/ ________________________________________ From: [email protected] <[email protected]> on behalf of Charles F Sullivan <[email protected]> Sent: Wednesday, March 16, 2016 11:36 AM To: [email protected] Subject: RE: [NTSysADM] Re: Strange computer accounts in AD You got my interest with this one because we have hundreds of Macs joined to AD. I don't see any names like that, but if you go to the properties of one, what is the OS name and version? -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Jesse Rink Sent: Wednesday, March 16, 2016 12:32 PM To: [email protected] Subject: [NTSysADM] Re: Strange computer accounts in AD Actually.. you just gave me an idea. We don't have Exchange anymore, but I really need to verify that just because I see the account in the computers contains, I need to verify 100% it's an actual computer account and not something else (I was making an assumption, ugh)... Will check. Jesse Rink Source One Technology, Inc. HP Partner 262 993 2231 ** Please visit our blog! http://www.sourceonetechnology.com/blog/ ________________________________________ From: [email protected] <[email protected]> on behalf of Wolf, Daniel <[email protected]> Sent: Wednesday, March 16, 2016 11:24 AM To: [email protected] Subject: [NTSysADM] RE: Strange computer accounts in AD Where are you finding the objects? Exchange creates AD objects for ActiveSync devices, but I don't think they're computer objects... -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Brian Desmond Sent: Wednesday, March 16, 2016 10:59 AM To: [email protected] Subject: [NTSysADM] RE: Strange computer accounts in AD You can enable auditing and see where they're coming from. Are they using Intune or AD FS with Workplace join? Thanks, Brian Desmond w - 312.625.1438 | c - 312.731.3132 -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Jesse Rink Sent: Wednesday, March 16, 2016 10:45 AM To: [email protected] Subject: [NTSysADM] Strange computer accounts in AD Haven't been able to make much sense of this so far... One of my customers is Mac-centric for their devices (50% Macbooks/iMac, 40% iPads, 10% PCs). Depending on who is using the MacBook, the devices are either a) joined to AD, or b) not joined to AD. I can obviously account for seeing Macbooks and iMacs in the Computer containers of AD once the Macbooks are joined. What I can't seem to account for it... How in the world I'm finding computer accounts for iPads in AD. The customer uses a standard naming convention here for devices, so I shouldn't be seeing computernames in AD's computers container like "AB-iPad-John-88" or "AB-iPad-Mike-77". Everyone in IT claims they wouldn't name a standard computer device with that naming convention and only use those naming conventions for iPad devices so.... if that's the case, why am I seeing computer accounts getting created with those names in AD? This doesn't happen for EVERY iPad deployed, but it seems like 5% of them? I typically just delete the computer account from AD which has yet to cause any complaining/problems... but eventually, more start to appear. I'm going to dig into Microsoft security auditing policies deeper and see if there's a way I can send new computer account creation logs to the Security Log, etc. maybe that'll give me more info how they're getting created. Jesse Rink Source One Technology, Inc. HP Partner 262 993 2231 ** Please visit our blog! http://www.sourceonetechnology.com/blog/
