We have a AD forest that covers 200+ sites, 24 child domains attached to a root. I have been handed the rather daunting task of auditing every site for machines which do not authenticate through AD. I need to cover both workgroups and 'illegal' domains. My first try was to locate Wins servers and check for all entries of type Workgroup or Domain and compare them to the approved list, but this is fairly painful in terms of time required.
Has anybody got any thoughts on automating this? Maybe using scripting to enumerate all Wins servers in the forest, then another to interrogate the servers for the required infomation about the workgroups/domains.
Any help will be greatly appreciated