|
|
|
Forum Newbie
Group: Forum Members
Last Login: 8/5/2010 4:18:05 AM
Posts: 3,
Visits: 0
|
|
If I create any user using Exchange 2010 Mgmt console, the 4720 event appears like this,
A user account was created.
Subject:
Security ID: DDAP\WIN-SPHMGBD83J0$
Account Name: WIN-SPHMGBD83J0$
Account Domain: DDAP
Logon ID: 0xbab029c
The "Subject Account Name" is the computer where my Exchange 2010 is running. Can you please explain this behavior?
|
|
|
|
|
Expert
Group: Administrators
Last Login: 4/20/2009 7:57:33 AM
Posts: 326,
Visits: 0
|
|
| That's because the Exchange service is running as LocalSystem or Network Service which when it connects to other servers like Active Directory it authenticates as that computer's domain account. Also, Exchange is evidently not impersonating you prior to creating the account in AD, instead it is just performing the user creation as itself.
|
|
|
|
|
Forum Newbie
Group: Forum Members
Last Login: 8/5/2010 4:18:05 AM
Posts: 3,
Visits: 0
|
|
Thanks for the explanation, Randy.
So if users are created using Exchange Management Console 2010, is there a different way of identifying the "Subject Account Name".
|
|
|
|
|
Expert
Group: Administrators
Last Login: 4/20/2009 7:57:33 AM
Posts: 326,
Visits: 0
|
|
|
|
|
|
Forum Newbie
Group: Forum Members
Last Login: 8/5/2010 4:18:05 AM
Posts: 3,
Visits: 0
|
|
Thank you very much for the link and the details.
~Bala
|
|
|
|