How Does One Discover Where An Old Network Admin Is Using His Password?

Hello,

I have just taken over someone else's network, and while I have many years' experience, I have always been the one to build out networks. I would like to know if there is any way to trace if and where the old Admin's password is being used. Unfortunately, I cannot afford to disable the account to see what stops working, as it is a high-use, high-volume network.

Thank you very much,
jimmlegs
 
LauraEHunterMVP Commented:
If you're specifically looking for services for which the account in question is being used as a service account, try the following script which will enumerate service accounts in use on servers on your network that are running under a particular account:

http://www.jsifaq.com/SF/Tips/Tip.aspx?id=5721

(Yo, dwells, this is -your- script, why am -I- giving it as an answer?  ;-))
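The kind of inventory described in the answer above, as an added PowerShell example (this is not the svclist.cmd script linked in the thread): it queries `Win32_Service` on each server and lists the services whose logon account matches the old admin's. The server list and the account name `EXAMPLE\oldadmin` are placeholders, and the function names are made up for this example.

```powershell
# Added example: list services whose logon account matches a given user.
function Test-AccountMatch {
    param([string]$StartName, [string]$Account)
    if ([string]::IsNullOrEmpty($StartName)) { return $false }
    # StartName can be DOMAIN\user, .\user or user@domain. Compare only the
    # user part; this may over-match a local account of the same name, which
    # is why the full StartName is kept in the output for review.
    $have = (($StartName -split '\\')[-1] -split '@')[0]
    $want = (($Account   -split '\\')[-1] -split '@')[0]
    return $have -eq $want
}

function Get-ServiceByLogonAccount {
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [Parameter(Mandatory)][string]$Account
    )
    foreach ($computer in $ComputerName) {
        $query = @{ ClassName = 'Win32_Service'; ErrorAction = 'Stop' }
        # Query the local machine directly so it works without WinRM enabled.
        if ($computer -ne $env:COMPUTERNAME) { $query.ComputerName = $computer }
        try {
            $services = Get-CimInstance @query
        } catch {
            # An unreachable server is unchecked, not clean: report it.
            [pscustomobject]@{ Computer = $computer; Service = $null; StartName = $null
                               StartMode = $null; State = $null; Error = $_.Exception.Message }
            continue
        }
        foreach ($svc in $services) {
            if (Test-AccountMatch $svc.StartName $Account) {
                [pscustomobject]@{ Computer = $computer; Service = $svc.Name; StartName = $svc.StartName
                                   StartMode = $svc.StartMode; State = $svc.State; Error = $null }
            }
        }
    }
}

# Placeholder inputs (assumptions): replace with your own server list and account.
$servers = @($env:COMPUTERNAME)          # e.g. Get-Content .\servers.txt
Get-ServiceByLogonAccount -ComputerName $servers -Account 'EXAMPLE\oldadmin' |
    Sort-Object Computer, Service |
    Format-Table -AutoSize
```

Stopped and disabled services are listed too, since they still hold the stored credentials. Services are only one place the account can be in use; logons from anywhere else have to be traced through the domain controllers' security event logs, as suggested further down the thread.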
 
MSE-dwells Commented:
Auditing is almost certainly your best (and possibly only) bet.

To confirm though, your terminology is confusing me -- when you say "where the old Admin's password is being used", do you mean where the previous admin. is still logging on or, perhaps, automated logons that have those credentials cached?
 
cpotter Commented:
You would need to scour the security event logs on any domain controllers to find what machines this logon is originating from.
 
Zkdog Commented:
Or are you simply looking for his password?  If the account is already logged on, it's as simple as going into the control panel and changing it to whatever you desire.  Not exactly sure what you're asking.
 
MSE-dwells Commented:
.... hmphhhhhhh ... you're the one giving it because *I* don't randomly post solutions, I ask first ... so nur nur nee nur nur ... hehehe :0)

PS - I don't know how old that version is on Jerold's old site, a more recent version can be found here -

ftp://falcon.msetechnology.com/scripts/svclist.cmd.txt
 
jimmlegs (Author) Commented:
Thanks a lot for the script! Sorry it took so long, I just started this gig.

Jimmlegs
Question has a verified solution.