For any technology, when it is managed by many admins or teams for management/routine jobs. Getting track of routine tasks is very important.

Use case: Active Directory has many PC/Server objects lying in the computers container/OU. The creators are not informing the admins to move the same to respective OU’s. We need to find a way to know who has created these objects.

I have written a small script which will help to identify these objects and its creators.

#Creating an array to store the details
$ADObjectList = @()

Get-ADComputer -SearchBase "CN=Computers,DC=domain,DC=local" -Filter * -Properties * | % {
    #Custom PS object to store the information
    $ADObj = [pscustomobject]@{
    HostName = $_.Name
    Owner = (Get-Acl -Path "AD:$($_.DistinguishedName)").Owner
    CreatedDate = $_.whenCreated
    }
#Adding the custom object to the list
$ADObjectList += $ADObj
}

#Now we have Output which can be filtered as required
$ADObjectList | where {$_.Owner -like "*username*"} | ft *

Note: when objects are created, the security information has a property “owner” which will have the information about the creator. But there are certain situations where the owner information is overwritten, in such cases the above script will not give correct information.

The same script can be used to get other ACL information of the objects.

Thank you for reading my post.