Who joined the computer to the domain

Is there a simple way to determine which user account was used to join a computer to the domain?

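Answer 1

Old post, but a relevant question. The computer object will have the SID of the object that created it attached. Use ADSIedit for this. Also, AD audit logging: http://technet.microsoft.com/en-us/library/cc731607(v=ws.10).aspx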

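Answer 2

Look for event ID 645 in the Security event log on the local domain controller. The event will contain the user name.

You have to configure event auditing to capture these events.

More information here: http://technet.microsoft.com/en-us/library/cc787268%28WS.10%29.aspx http://technet.microsoft.com/en-us/library/cc737542%28WS.10%29.aspx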

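Answer 3

The simple way might be to check the logs on the client computer that was joined, to see who was logged on when the computer was joined, or to check the logs of the server acting as the primary domain controller.

If event auditing is enabled, you may be able to see it there as well.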

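Answer 4

I was looking for something similar and could not find a definitive answer. I did find a few workarounds that might help others.

Look at NetSetup.log under the windows\debug folder. Here is a small piece of code that you can run from your PC: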

Import-Module ActiveDirectory   # provides Get-ADComputer

$NoInfo = $null
$Offline = $null
$List = $null

#Get-Content unknowns.txt | foreach {
Get-ADComputer -Filter 'OperatingSystem -like "*Windows server*"' -Properties * | foreach {
    $FQDN = $_.DNSHostName
    # NetSetup.log on the remote host, read over the C$ admin share
    $Path = "\\$FQDN\c`$\Windows\debug\NetSetup.log"
    if (Test-Connection $FQDN -Count 1 -ErrorAction SilentlyContinue) {
        if (Test-Path $Path) {
            Write-Host "`n`nChecking $FQDN..."
            # Fourth space-separated token of the matched "lpAccount: " line(s) is the account
            $User = ($($(Select-String -Path $Path -Pattern "lpAccount: " -CaseSensitive) -split " ")[3])
            $User
            [array]$List += "$FQDN;$User"
        }
        else { [array]$NoInfo += $FQDN }   # host reachable, but no NetSetup.log found
    }
    else { [array]$Offline += $FQDN }      # host did not answer the ping
    #sleep 5
}
$List

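Alternatively, if you have a vCenter server, you can try the following from VMware PowerCLI. The person who created the VM has probably joined the computer to the domain.

In my environment the results were pretty accurate: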

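$servername = Read-host "Enter server name"
$Events = Get-VIEvent -Entity $servername -Types info -MaxSamples 999999999
$OwnerList = @()   # one record per event that identifies a creator
$test = $true      # stays $true only if no creation event is found below

    foreach ($event in $events) {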
        if ($event.fullFormattedMessage -match "Deploying $servername on host") {
            Write-Host ("`n$servername is created by User " + $event.username + " at: " + $event.createdTime)
            Write-Host ("`nEvent Details:`n--------------`n" + $event.fullFormattedMessage)
            $OwnerList +=  New-Object -TypeName psobject -Property @{Servername=$servername;Username=$event.username;CreationTime=$event.createdTime;EventMsg=$event.fullFormattedMessage;Estimated="No"}
            $test = $false
        }

        elseif ($event.fullFormattedMessage -like "Clone of*completed") {
            Write-Host ("`n$servername is created by User " + $event.username + " at: " + $event.createdTime)
            Write-Host ("`nEvent Details:`n--------------`n" + $event.fullFormattedMessage)
            $OwnerList +=  New-Object -TypeName psobject -Property @{Servername=$servername;Username=$event.username;CreationTime=$event.createdTime;EventMsg=$event.fullFormattedMessage;Estimated="No"}
            $test = $false
        }
        elseif ($event.fullFormattedMessage -match "Creating $servername on host") {
            Write-Host ("`n$servername is created by User " + $event.username + " at: " + $event.createdTime)
            Write-Host ("`nEvent Details:`n--------------`n" + $event.fullFormattedMessage)
            $OwnerList +=  New-Object -TypeName psobject -Property @{Servername=$servername;Username=$event.username;CreationTime=$event.createdTime;EventMsg=$event.fullFormattedMessage;Estimated="No"}
            $test = $false
        }
    }


if ($test -eq $true) {
    Write-Host "`nWarning: Unable to find the server owner" -BackgroundColor Yellow -ForegroundColor Black
    Write-Host "Note: Following entries are estimates only." -BackgroundColor Yellow -ForegroundColor Black
    Write-Host "Recommendations:"

    $lastevent = (Get-VIEvent -Entity $servername -MaxSamples 999999999 | Select-Object -last 1)
    if ($lastevent.username -ne $null -and $lastevent.username) {

        Write-Host ("`n$servername is created by User " + $lastevent.username + " at: " + $lastevent.createdTime)
        Write-Host ("`nEvent Details:`n--------------`n" + $lastevent.fullFormattedMessage)
        $OwnerList +=  New-Object -TypeName psobject -Property @{Servername=$servername;Username=$lastevent.username;CreationTime=$lastevent.createdTime;EventMsg=$lastevent.fullFormattedMessage;Estimated="Yes"}
    }

    $events = $Events | sort CreatedTime
    :loop foreach ($event in $events) { 
        $event.username
        if ($event.username -ne $null -and $event.username) {
            Write-Host ("`n$servername is created by User " + $event.username + " at: " + $event.createdTime)
            Write-Host ("`nEvent Details:`n--------------`n" + $event.fullFormattedMessage)
            $OwnerList +=  New-Object -TypeName psobject -Property @{Servername=$servername;Username=$event.username;CreationTime=$event.createdTime;EventMsg=$event.fullFormattedMessage;Estimated="Yes"}
            break loop
        }
    }
}

The output looks like this
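
Added example, not part of any answer above: a NetSetup.log can hold several join attempts, some of them failed, so this parser pairs each `lpAccount:` line with the status that follows it instead of taking the first match. The sample lines are constructed, and the line layout, the `lpDomain:` field and the `NetpDoDomainJoin: status:` line are assumptions about the log format; `Get-DomainJoinAttempt` is a hypothetical helper name.

```powershell
# Constructed sample in NetSetup.log style (assumed layout: "MM/dd/yyyy HH:mm:ss:fff <text>").
$SampleLog = @'
03/02/2021 09:14:07:112 NetpDoDomainJoin
03/02/2021 09:14:07:115     lpDomain: corp.example
03/02/2021 09:14:07:115     lpAccount: CORP\temp.helper
03/02/2021 09:14:09:480 NetpDoDomainJoin: status: 0x52e
03/02/2021 09:20:31:004 NetpDoDomainJoin
03/02/2021 09:20:31:006     lpDomain: corp.example
03/02/2021 09:20:31:006     lpAccount: CORP\svc-join
03/02/2021 09:20:35:771 NetpDoDomainJoin: status: 0x0
'@ -split "`r?`n"

function Get-DomainJoinAttempt {
    param([Parameter(Mandatory)][string[]]$Line)
    # Timestamp (milliseconds dropped), then the message text without leading whitespace
    $rx = '^(?<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}):\d+\s+(?<text>.*)$'
    $domain = $null
    $pending = $null
    foreach ($l in $Line) {
        if ($l -notmatch $rx) { continue }            # skip separators and blank lines
        $ts = $Matches.ts
        $text = $Matches.text
        if ($text -match '^lpDomain:\s*(\S+)') {
            $domain = $Matches[1]
        }
        elseif ($text -match '^lpAccount:\s*(.+?)\s*$') {
            if ($pending) { $pending }                # earlier attempt never logged a status
            $pending = [pscustomobject]@{ Time = $ts; Domain = $domain; Account = $Matches[1]; Status = $null }
        }
        elseif ($pending -and $text -match '^NetpDoDomainJoin: status:\s*(0x[0-9a-fA-F]+)') {
            $pending.Status = $Matches[1]             # 0x0 = success, 0x52e = Win32 1326 (logon failure)
            $pending
            $pending = $null
        }
    }
    if ($pending) { $pending }                        # log ended before a status line
}

$attempts = Get-DomainJoinAttempt -Line $SampleLog
$attempts | Format-Table -AutoSize

# The account that matters is the one on the last attempt that returned 0x0.
$joined = $attempts | Where-Object Status -eq '0x0' | Select-Object -Last 1
"Joined by $($joined.Account) at $($joined.Time)"
```

To run it against a real host, pass the output of `Get-Content` on that machine's windows\debug\NetSetup.log as `-Line`.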
