Active Directory

Who created a user object


Get-ADObject -Identity <ObjectIdentity> | Get-QADObjectSecurity -Owner





Query your DCs for event ID 624:

$filter = "LogFile='Security' AND EventCode=624 AND SourceName='security' AND CategoryString='Account Management' AND Message LIKE '%User Account Created%' AND Type='Audit Success'"
Get-WmiObject -Class Win32_NTLogEvent -Filter $filter -cn DC1,DC2 | Select-Object @{n='UserName';e={$_.InsertionStrings[0]}},@{n='Creator';e={$_.InsertionStrings[3]}}

Using Acctinfo.dll on a 64 bit OS – Lockout Tools


Using Acctinfo.dll on a 64 bit Platform

The following steps outline the procedures for installing the Additional Account Info tab on a 64 bit system.

  1. Download Account Lockout and Management Tools
  2. Copy acctinfo.dll from to C:\Windows\SysWOW64
  3. Open a Command Prompt in the directory C:\Windows\SysWOW64
  4. Run regsvr32 acctinfo.dll.
  5. Open Active Directory Users and Computers via the Run box with this command: dsa.msc -32

KCC Inter-Site Topology Generator: Invalid


In Active Directory Sites and Services, NTDS settings shows an invalid Inter-Site Topology Generator.
The interSiteTopologyGenerator attribute shows an old value:

CN=NTDS Settings\0ADEL:febe8608-7977-4f96-8c78-d6eedd221381,CN=Servers,CN=<site>,CN=Sites,CN=Configuration,DC=<domain>

Solution: delete this old attribute and trigger the KCC.


The Knowledge Consistency Checker (KCC) is an Active Directory process that runs on domain controllers and automatically calculates the most efficient replication topology for the network, using the data defined in Active Directory Sites and Services. To improve replication traffic in most networks, the Inter-Site Topology Generator (ISTG) might be enabled so that the KCC can generate connection objects based on the physical network layer. This is useful because the KCC only creates a connection object in Active Directory when a particular site requires it.

ISTG reference numbers:
0: To enable ISTG
1: To disable automatic intrasite topology generation
16: To disable automatic intersite topology generation
17: To disable both intrasite and intersite topology generation


Start Active Directory Sites and Services

Click on the site

In the right pane, right click NTDS Site settings


Attribute Editor

Clear the interSiteTopologyGenerator (double click and press the clear button)

Check the options attribute. If it is set to 0, the Inter-Site Topology Generator settings are rebuilt automatically.



With repadmin /kcc you can force it.

Forces the Knowledge Consistency Checker (KCC) on each targeted domain controller to immediately recalculate the inbound replication topology.
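
An added example, not part of the original post: a PowerShell check that flags NTDS Site Settings objects whose interSiteTopologyGenerator points at a deleted object (a DN containing \0ADEL:, as in the value shown earlier) and decodes the options bits 1 and 16 from the reference list. The function name Get-IstgStatus and the site and domain names in the sample are hypothetical, and the sample objects are constructed.

```powershell
function Get-IstgStatus {
    [CmdletBinding()]
    param(
        # Object with DistinguishedName, interSiteTopologyGenerator and options
        [Parameter(Mandatory, ValueFromPipeline)]
        [psobject]$SiteSettings
    )
    process {
        # An unset attribute comes back as $null: '' for the DN, 0 for options
        $istg    = [string]$SiteSettings.interSiteTopologyGenerator
        $options = [int]$SiteSettings.options

        [pscustomobject]@{
            SiteSettings      = $SiteSettings.DistinguishedName
            # "\0ADEL:" in a DN marks a reference to a deleted object
            IstgDeleted       = $istg.Contains('\0ADEL:')
            IstgEmpty         = [string]::IsNullOrEmpty($istg)
            # Bit 1 = intrasite disabled, bit 16 = intersite disabled
            IntraSiteDisabled = [bool]($options -band 1)
            InterSiteDisabled = [bool]($options -band 16)
        }
    }
}

# Constructed sample input (placeholder site and domain names)
$base = 'CN=Sites,CN=Configuration,DC=example,DC=test'
$sample = @(
    [pscustomobject]@{
        DistinguishedName          = "CN=NTDS Site Settings,CN=SiteA,$base"
        interSiteTopologyGenerator = 'CN=NTDS Settings\0ADEL:febe8608-7977-4f96-8c78-d6eedd221381,' +
                                     "CN=Servers,CN=SiteA,$base"
        options                    = 0
    },
    [pscustomobject]@{
        DistinguishedName          = "CN=NTDS Site Settings,CN=SiteB,$base"
        interSiteTopologyGenerator = "CN=NTDS Settings,CN=DC2,CN=Servers,CN=SiteB,$base"
        options                    = 17
    }
)

# SiteA: stale ISTG, both generators enabled. SiteB: valid ISTG, both disabled.
$sample | Get-IstgStatus | Format-List

# Live use (assumes the ActiveDirectory module is installed):
# $cfg = (Get-ADRootDSE).configurationNamingContext
# Get-ADObject -SearchBase "CN=Sites,$cfg" -LDAPFilter '(objectClass=nTDSSiteSettings)' `
#     -Properties interSiteTopologyGenerator, options | Get-IstgStatus
```

A site reported with IstgDeleted set and InterSiteDisabled clear matches the case above, where clearing the attribute lets the KCC rebuild it.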
