• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 213
  • Last Modified:

How do i find the computers/resources that are authenticating using a particular account

I have an AD environment and i want to find all the computers/applications/services that are configured to use a particular account. Kind of like using the accountlockstatus tool but in this scenario the account is not locked out. I just want to know which resource is using it to authenticate.

Thanks
0
socan
Asked:
socan
  • 3
  • 2
1 Solution
 
NavdeepCommented:
There are two things Authentication and Authorization.

You can see authentication events on PDC and DC which Account has used to logon, Ideally you can use EventComMbt tool to query all the DC for logon event id.

Authorization. This will be based on NTFS permission. For this you need to enable Auditing. Then you can analyze the logs to find out who has accessed the files/folders.
0
 
socanAuthor Commented:
I was looking more less for a utility that would this. Is there any such thing available?
0
 
NavdeepCommented:
EventComMBT is a utility that can tell you based on the event id found in the security logs across ur domain controllers.
0
 
socanAuthor Commented:
used netwrix
0
 
socanAuthor Commented:
used own comment as solution because none of the answers provided gave me what i was asking for
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now