Finding if Service Accounts are in use
Hello,
We are retiring one AD domain to move to another. We are in the process of migrating users and I was appointed the task of finding out if service accounts are still in use on the domain. I was told I could use EventcombMT to search DC logs to try and find out if they are in use and what for. I tried running it by checking the security log for success audit and failure audit, and in the text field I put the service account name. I am getting zero results.
Does anyone have any suggestions on using EventcombMT to find this information? I have no background in scripting so that is not an option. I also only have access to free tools. Any advice would be helpful. Thanks.
We are retiring one AD domain to move to another. We are in the process of migrating users and I was appointed the task of finding out if service accounts are still in use on the domain. I was told I could use EventcombMT to search DC logs to try and find out if they are in use and what for. I tried running it by checking the security log for success audit and failure audit, and in the text field I put the service account name. I am getting zero results.
Does anyone have any suggestions on using EventcombMT to find this information? I have no background in scripting so that is not an option. I also only have access to free tools. Any advice would be helpful. Thanks.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
How many servers do you have in your environment?
ASKER
I am new to this division of the company. In general, we have over 75 servers and we have 4 domain controllers.
If you have a list of host names, i.e. csv, of the servers we could make a script checking.
Also if you have 180 service accounts, you should also have a csv-file for those.
Also if you have 180 service accounts, you should also have a csv-file for those.
ASKER
I do have a csv file for the service accounts, but not one for the servers. I'm sure there is one somewhere for it but since I'm new here I'll have to ask around. I have no experience scripting at all or really even running them,will that matter?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I have no experience scripting at all or really even running them,will that matter?
It will not matter :)
It will not matter :)
ASKER
Thanks for the offer to build me a script snusgubben. I was not able to get a server list from my manager (security issues), so I just had to use some tools and do the best I could. Thanks though.
ASKER
We have 180 service accounts on this list I have. Some of them I can contact the application teams, others, (that don't have much information) I'm stuck trying to search DC logs I guess.
Anyone have any other suggestions by chance, or use how I can use eventcombmt?
Thanks.