I'm trying to remove an older account from regular use in order to better secure my network. Prior staff had gotten in the habit of using the same domain admin account for many services and applications and I'd like to clean it up. I'd like to find a way to see where this account is being used without having to examine every single service and application that we use.
We're running a server 2008 domain with two DCs. What would be the easiest way to find out where this account is being used? I was thinking the event logs would be a good place to start but I am not very familiar with some of the more advanced events with server 2008. If there is a tool for this purpose that I could run and save time that would be even better.