Find what servers domain account is used on in the network?
Hi,
We have one domain admin account used on numerous servers in our organization. I've been slowly trying to replace this generic domain admin account with a specific domain account for each software/server. Do you know of a tool that will tell me what machine is using a specific domain account and possibly what application on that machine is using the account?
I know I can look through our various domain controllers at the Security Log, but i'm looking for something that i can query for information by username. I'd like the tool to run continuously for a month or look through at least a month of logs.
Thanks.
We have one domain admin account used on numerous servers in our organization. I've been slowly trying to replace this generic domain admin account with a specific domain account for each software/server. Do you know of a tool that will tell me what machine is using a specific domain account and possibly what application on that machine is using the account?
I know I can look through our various domain controllers at the Security Log, but i'm looking for something that i can query for information by username. I'd like the tool to run continuously for a month or look through at least a month of logs.
Thanks.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
There used to be a tool out a while ago from digital labs called locate user. This tool would poll all of the computers/server in your environment and tell you where the account was logged on. It would do services as well as logins.
Unfortunately the company seems to have closed up shop you may still be able to find a copy floating around somewhere.
Unfortunately the company seems to have closed up shop you may still be able to find a copy floating around somewhere.
ASKER
Wow~ This was a fast simple solution.
1) Install Windows Server 2003 Resource Kit Tools
2) Go to Start-Programs-Windows Resource Kit Tools-command prompt.
3) Run eventcombmt.exe
4) Setup the GUI to search for event ID 675, Search Security Logs, and for event types select the options you like. Make sure you have your DC's added too. Then his search. The results show up in a folder located in the c:\temp.
5) From there open in Excel then do a mass delete of all the rows that don't contain the account you are looking for.
1) Install Windows Server 2003 Resource Kit Tools
2) Go to Start-Programs-Windows Resource Kit Tools-command prompt.
3) Run eventcombmt.exe
4) Setup the GUI to search for event ID 675, Search Security Logs, and for event types select the options you like. Make sure you have your DC's added too. Then his search. The results show up in a folder located in the c:\temp.
5) From there open in Excel then do a mass delete of all the rows that don't contain the account you are looking for.
Not pretty but affective.