We are retiring one AD domain to move to another. We are in the process of migrating users and I was appointed the task of finding out if service accounts are still in use on the domain. I was told I could use EventcombMT to search DC logs to try and find out if they are in use and what for. I tried running it by checking the security log for success audit and failure audit, and in the text field I put the service account name. I am getting zero results.
Does anyone have any suggestions on using EventcombMT to find this information? I have no background in scripting so that is not an option. I also only have access to free tools. Any advice would be helpful. Thanks.