AD account audit?

Is there an easy way of looking at a certain account on a DC, to list what location/server/pc that account is authenticating from?

The problem I have is I need to change the pw of a service account, but I haven't got a full list of services/applications that this account is connected to.
 
You could probably trawl through your security logs on your DCs to find it; the other way is to go fishing: change it and see what breaks lol

This is why you should keep a list of things like that. If we have to use an account for a service account we tend to use a stupid complex password so we do not have to change it, as changing it can break a metric load of stuff. One of our passwords we dare not change as it's deeply buried in programs, mainframes, SANs; changing that would end the world lol.
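
The security-log trawl suggested in the reply above could look like the script below; it is an added example, not code from any poster in this thread. It assumes the ActiveDirectory module (RSAT), read access to each DC's Security log, and that account-logon auditing is enabled; `svc_example` is a placeholder account name.

```powershell
# Added example: list the hosts a service account authenticates from, using DC Security logs.
# Assumptions: ActiveDirectory module present, rights to read the Security log on every DC,
# Kerberos/NTLM authentication auditing enabled. 'svc_example' is a placeholder.
param(
    [string]$Account = 'svc_example',
    [int]$Days = 7
)
Import-Module ActiveDirectory

# 4768 = Kerberos TGT requested, 4769 = Kerberos service ticket requested,
# 4776 = NTLM credential validation
$filter = @{ LogName = 'Security'; Id = 4768, 4769, 4776; StartTime = (Get-Date).AddDays(-$Days) }

$hits = foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        Get-WinEvent -ComputerName $dc.HostName -FilterHashtable $filter -ErrorAction Stop |
        ForEach-Object {
            # Flatten the named EventData fields into a hashtable
            $d = @{}
            foreach ($n in ([xml]$_.ToXml()).Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
            # 4769 records the name as account@REALM, so compare only the part before '@'
            if (($d['TargetUserName'] -split '@')[0] -ne $Account) { return }
            [pscustomobject]@{
                DC      = $dc.HostName
                EventId = $_.Id
                # 4776 carries a workstation name; the Kerberos events carry a client IP
                Source  = if ($_.Id -eq 4776) { $d['Workstation'] } else { $d['IpAddress'] -replace '^::ffff:' }
                Service = $d['ServiceName']
                Time    = $_.TimeCreated
            }
        }
    } catch {
        # Also reached when a DC has no matching events in the time window
        Write-Warning "$($dc.HostName): $($_.Exception.Message)"
    }
}

# One row per source/event/service combination, with hit count and last time seen
$hits | Group-Object Source, EventId, Service |
    Sort-Object Count -Descending |
    Select-Object Count, Name, @{ n = 'LastSeen'; e = { ($_.Group | Measure-Object Time -Maximum).Maximum } }
```

Every DC has to be queried because each one only logs the authentications it handled, and the look-back window is limited by how long the Security log is retained.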
 
From what I recall there is an attribute in AD that holds the last workstation/server the account used. If you use adsiedit you can trawl the attributes of the account to find it. Unfortunately it doesn't keep any history, so you may want to knock up a script to periodically interrogate this attribute to get a list of workstations/servers.


I think the attribute is 'User-Workstations', see here:

http://msdn.microsoft.com/en-gb/library/windows/desktop/ms680868(v=vs.85).aspx

Here's some code to interrogate AD as a starting point.

http://ss64.com/vb/syntax-userinfo.html
 