.png)
Authored by: Support.com Tech Pro Team
How to Find Out When an Object was Created in Active Directory
Below are the steps it takes to generate a report for when objects are created in Active Directory using native processes:
In the Run window, type the command – gpmc.msc to open the Group Policy Management Console.
To edit the Group policy of a particular domain, simply select your domain, navigate to the “Default Domain Policy†and right click on it to select the “Edit†option.
In the left panel, navigate to Computer Configuration → Windows Settings → Security Settings → Local Policies → Audit Policy and double-click ‘Audit account management’
Next, click the Security Policy Setting tab and select ‘Success’ under the “Audit these attempts†checkbox.
Expand ADSI Edit and the default naming context. Next, right click on the particular domain name and select Properties.
In the DC properties window, navigate to the security tab and click Advanced. In the Advanced Security Settings, navigate to the Auditing tab and click Add. In the field – Enter the object name, write ‘Everyone’ and in the Auditing Entry, select “Create all child objects†and finally click OK.
Open Event Viewer, expand Windows Logs and select Security. In the “Filter Security Event Log†window, select the duration, event level and fill up the other necessary details along with Event ID – 5137 to get details on when an object was created.
To get more information on the event, Double-click on it to open the Event Properties Window.
Support.com is committed to your privacy
We do not share or sell your data to third parties. We do use cookies and other third-party technologies to improve our site and services. The California Consumer Privacy Act (CCPA) gives you the ability to opt out of the use of cookies, third-party technologies and/or the future sale of your data. Do not sell my personal information.
Support.com is committed to your privacy
Read our Privacy Policy for a clear explanation of how we collect, use, disclose and store your information
