Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

script or cmdlet to retrieve service accounts in AD, and export to a CSV file

Posted on 2016-08-31
4
Medium Priority
?
89 Views
Last Modified: 2016-09-08
Hello Team,

My customer runs a Windows 2008 Forest/domain functional level with multiple sites, and OUs, and one of these OUs
is dedicated to host service accounts.

Their standard convention name for any service accounts should start with "SVC" defined on the user logon name and display name

I have following scenario, and need to know to get a script, or cmdlet to retrieve any service accounts under a specific OU which logon name or display name may not contain "SVC"

The report should be exported to a CSV, and contain only those service accounts that were created with a different standard for logon name or display name

Please, test the script on your lab before posting here
0
Comment
Question by:Jerry Seinfield
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
4 Comments
 
LVL 85

Accepted Solution

by:
oBdA earned 2000 total points
ID: 41778248
Get-ADUser -Filter "(SamAccountName -notlike 'SVC*') -or (DisplayName -notlike 'SVC*')" -Property DisplayName -SearchBase "ou=Service Accounts,ou=ServiceAccounts,ou=SomeOU,dc=acme,dc=com" |
	Select-Object SamAccountName, DisplayName |
	Export-Csv C:\Temp\BadServiceAccounts.csv

Open in new window

0
 

Author Comment

by:Jerry Seinfield
ID: 41778420
can you please provide an example of the seachbase using your cmdlet above? Need to know full path
0
 
LVL 85

Expert Comment

by:oBdA
ID: 41778434
There is an example right there? The Distinguished Name of the OU in question? I wouldn't know the full path to your customer's dedicated service account OU.
If the name of this OU is unique (for example 'Service Accounts'), you can use Get-ADOrganizationalUnit:
$DN = (Get-ADOrganizationalUnit -Filter "Name -eq 'Service Accounts'").DistinguishedName
Get-ADUser -Filter "(SamAccountName -notlike 'SVC*') -or (DisplayName -notlike 'SVC*')" -Property DisplayName -SearchBase $DN |
	Select-Object SamAccountName, DisplayName |
	Export-Csv C:\Temp\BadServiceAccounts.csv

Open in new window

1
 

Author Comment

by:Jerry Seinfield
ID: 41790186
zZX
0

Featured Post

10 Questions to Ask when Buying Backup Software

Choosing the right backup solution for your organization can be a daunting task. To make the selection process easier, ask solution providers these 10 key questions.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
Here's a look at newsworthy articles and community happenings during the last month.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question