This is an automated archive.
The original was posted on /r/sysadmin by /u/ReddyFreddy- on 2024-01-24 02:17:19+00:00.
TL;DR
Where can I find evidence of a computer account creation (Event 4741) when the new computer object is not created on the domain controller?
I tried to make that as succinct as possible, but here's what I mean.
Let's say I have a domain controller and a separate designated server where I do my AD work. We'll call them DC and Other.
If I create a computer account manually on DC, Event 4741 is easy enough to find. No problem there. However, if I create a computer account manually on Other, there's nothing in DC to show that a new computer account was created.
Shouldn't there be some trace event on the main DC somewhere to show that a new account was created? I've been reading the Event Log all day, and the novelty of that wore off long ago. Worse, there are several "Others" in this problem, and I can't realistically monitor them all.
[edit for clarity]
This is not about user accounts, either domain or local. I mean computer accounts, or computer objects. For reference, here is what Microsoft has to say about Event 4741.