Domain Administrator Password Change

Posted on 2009-12-18
Last Modified: 2012-05-08
All, we are looking at doing this soon, can anyone recommend any decent tools that will pull back info on where the admin account is used:

ie Scheduled Tasks, Services, apps etc

We would like this to be seamless as possible, any ideas?


Question by:wk6838
    LVL 10

    Expert Comment

    I don't think, such tools are available in the market. You need to identify those manually in all workstations and servers.

    LVL 4

    Accepted Solution

    There are no tools available as far as I know to verify this. You can write a script for this and apply it on all servers/workstations you want to scan for the use of the domain admin account. The script can report it back to a central logfile or something. In my opinion this is the most effective way to accomplish this task.

    For my understanding: why are domain admin accounts used for service accounts? Normally you won't use a domain admin account for this. Domain admin accounts may only be given to those persons who are responsible for maintenance across the domain, not for service accounts.


    LVL 70

    Assisted Solution

    Indeed there is no simple way of doing this, which is why the recommended policy has always been NOT to use the administrator (or indeed any other "user" account for these purposes). You should create accounts specifically for the purpose, accounts which are not use by users for logon, and set these to have complex passwords that never expire.
    LVL 70

    Expert Comment

    I stumbled across some scripts which may help - see

    However, please head the previous advice and take the opportunity to create new accounts, specifically for the job.
    LVL 21

    Expert Comment

    To output scheduled tasks (not created with AT):

    schtasks.exe /query /fo list /v > c:\scheduledTasks.txt

    or just find if the admin is running it:

    schtasks.exe /query /fo list /v | find "User"

    I made a vbs-script to check for services some years ago. You are prompted for which server to control and the username. You need to run the script with a user that have privilage on the remote serveres. If you have alot of servers this job will take som time for you to complete. You can modify the script if you have many servers and make it read from a text file the server names to check against.

    Dim Input
    strUser = InputBox("User: ")
    strComputer = InputBox("Check on server: ") 
    WScript.Echo "Looking if " & strUser & " is running any services on " & strComputer
    Set objWMIService = GetObject _
        ("winmgmts:\\" & strComputer & "\root\cimv2")
    Set colServices = objWMIService.ExecQuery _
        ("Select * From Win32_Service Where StartName = '"& strUser &"'")
    For Each objService in colServices
        Wscript.Echo objService.Name
    msgbox "Done"

    Open in new window

    LVL 11

    Expert Comment

    You can install GPO to enable audit policies on all servers and workstations. Then use a event log collector software to gather all the logs and trigger alerts on certain conditions, in this case the use of the administrator account.

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    Too many email signature changes to deal with?

    Are you constantly being asked to update your organization's email signatures? Do they take up too much of your time? Wouldn't you love to be able to manage all signatures from one central location, easily design them and deploy them quickly to users. Well, you can!

    If you migrate a Terminal Server licenses server inside the 2008 server family, you can takte advantage of the build-in migration tool. If you like to migrate an older 2003 Server (and the installed client CALs) to a 2008 R2 server for example, you …
    Redirected folders in a windows domain can be quite useful for a number of reasons, one of them being that with redirected application data, you can give users more seamless experience when logging into different workstations.  For example, if a use…
    This tutorial will give a short introduction and overview of Backup Exec 2014 and the additional features that have been added over its predecessor Backup Exec 2012. As with Backup Exec 2012, the Backup Exec button in the upper left corner. From her…
    This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now