Posted: 9/7/2006 11:15:13 AM EDT
|
We're decommissioning one of our 2003 native AD domains and we have a number of service accounts that we need determine what computer is utilizing them for domain authentication. Anyone have any idea how I can determine this information? IP address, host name, NetBIOS name, I don't care. If I can get anything I can track down the location and RDP into the damned thing. I don't want to have to change the default DC GPO if I don't have to. Help! And just so you know, I'm an enterprise admin in all of our forests so there's no problem with priveleges. E-95 |
|
I had to document all of the pc's connecting to our domain, and I used a program called "Advanced IP Scanner", believe it was from www.radmin.com. It will show the NetBios name and various other info. -d |
|
Enable auditing of logons on your DC, or on the machine itself. Use netstat to monitor connnections. If netstat isn't doing it for you, Ethereal is a great tool. Once you've done that, disable the accounts you think are unused, and wait for the service start failures in the event log. The other way would be to check each service to see what it's startup account is. |
|
only problem with looking in the logs is that there won't be any entries unless some restarts the box with the service on it. or restartes the service associated with the account. If you know the name of all the machines I've used a tool called Service Explorer in the past (not free but not ridiculously expensive) when i've been involved in taking over managment of large domains. (I work for an outsourcer) www.scriptlogic.com/products/serviceexplorer/ |