Event ID: 4720A user account was created
A user account was created. Subject: Security ID: %4 Account Name: %5 Account Domain: %6 Logon ID: %7 New Account: Security ID: %3 Account Name: %1 Account Domain: %2 Attributes: SAM Account Name: %9 Display Name: %10 User Principal Name: %11 Home Directory: %12 Home Drive: %13 Script Path: %14 Profile Path: %15 User Workstations: %16 Password Last Set: %17 Account Expires: %18 Primary Group ID: %19 Allowed To Delegate To: %20 Old UAC Value: %21 New UAC Value: %22 User Account Control: %23 User Parameters: %24 SID History: %25 Logon Hours: %26 Additional Information: Privileges %8
This event generates every time a new user object is created.
This event generates on domain controllers, member servers, and workstations.
Lookup Audit Policy Configuration Settings
C:\> AuditPol.exe /get /subcategory:"User account Management"
LEFT/RIGHT arrow keys for navigationBack to List