• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 343
  • Last Modified:

Service Account - Which servers are using it?

Hi Guys,

I need to find out which servers, computers, software etc are using a service account on my active directory, how can I find this information out?

Thank you in advance.

Kelly Garcia
Kelly Garcia
  • 2
  • 2
3 Solutions

You can set a login script for the svc account userid that could be as simple as

echo >>%computername% \\domain\netlogon\svcacctpcs.txt

So whenever the service account userid logs in it will update that text file.

There are more complicated solutions but this should work for you.

- gurutc
VirastaRUC Tech Consultant Commented:
Kelly GarciaSenior Systems AdministratorAuthor Commented:
Hi Guru TC,

That script doesn't work, I tried it first without applying as logon script, there is something wrong with the code it self, when I try just echo >> %computername% this doesn't output anything.

thanks any way.
Kelly GarciaSenior Systems AdministratorAuthor Commented:
I've tried

echo %computername% >> \\ds.we.tre.uk\netlogon\svcacctpcs.txt,

however when I check the text file it gives me Chinese characters

Not sure why that's happening.  Another way we track failed logons which would also work for successful logons is to use psloglist from sysinternals.

you could run the following in a batch file on one of your DCs as a scheduled task every 5 minutes:

rem begin batch

psloglist /accepteula \\domaincontroller1,domaincontroller2 -i 528 security -s -m 5 |findstr /I "svcacct"  >>testdc.001



Set PARSEARG="eol=; tokens=1,2,3,4* delims=/, "
For /F %PARSEARG% %%i in (%CURRDATE%) Do SET YYYYMMDD=%%l%%k%%j

Set PARSEARG="eol=; tokens=1,2,3* delims=:, "
For /F %PARSEARG% %%i in (%CURRTIME%) Do Set HHMM=%%i%%j%%k

RENAME testdc1.001  %YYYYMMDD%%HHMM%.txt

rem end batch

This will create files every 5 minutes tracking your service account's logins.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

We Need Your Input!

WatchGuard is currently running a beta program for our new macOS Host Sensor for our Threat Detection and Response service. We're looking for more macOS users to help provide insight and feedback to help us make the product even better. Please sign up for our beta program today!

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now