We did a sweep of recent account changes, a couple of accounts have recently been compromised and we wanted to check for anything unusual.
One account popped up showing a change made on Monday, none of the administrators have a record of or remember even looking at this particular account so I started to dig into it. The app we use to report this is ManageEngine ADAudit Plus and the information it provided was this
I have removed the user name and domain controller details for obvious reasons. The Caller User Name has also been removed for the same reasons, but it was listed as one of our Exchange servers.
From what I understand, the modified attribute is no longer used, everything I can find relating to it says it was used in Exchange 2003, we are using Exchange 2013 and this user account was created this year, when we were already using 2013 so it is not something inherited from an old Exchange environment.
Does anyone have any idea what this means? I have tried to replicate it on a test account and cannot.