The record of who added the system to the domain would be on the domain controller they authenticated against. This event may or may not be in the security log depending on what you are or are not auditing.
So did you take a default install of Active Directory or did you configure auditing? You will be lookin for an Event ID 645 for computer account creation, 646 for a change and 647 for a deletion.
You can learn more about configuring auditing here:
Unless you have locked the network down, Authenticated Users can add up to 10 computers to a network. You can lock that down by following the steps in this article:
If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.
Event Log for Computer added to domain
Logged into our AD server this morning to find out that someone at some point added a computer named "dumbass" to our domain.
Where in the log files would this information be kept, as to who autorized it and from what IP it was added.
Thanks!