Use something like MOM or some manual solution (e.g. eventcombmt) to collect all audits for the account logging in - they include the source. My bet is that it's a handful of apps and you can then deal with them on a per app basis.
Thanks, Brian Desmond [EMAIL PROTECTED] c - 312.731.3132 > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:ActiveDir- > [EMAIL PROTECTED] On Behalf Of joe > Sent: Tuesday, June 27, 2006 8:22 PM > To: ActiveDir@mail.activedir.org > Subject: RE: [ActiveDir] Where's that account being used? > > I swear Dean previously posted a script to this list to go looking for > machine's using a specific account for one of their services. > > Other than that, I recommend you spin up at least one other ID, then > start moving services/applications to it. That way when you think you > got them all you can disable the account and see what breaks. > > Overall I am not a terrible fan of a single ID being shared by people > or applications. All acocuntability goes straight out the window. As > for the ID being a domain admin ID... Well that is just ridiculous and > highlights some of the conversations on the list recently. Good luck > cleaning it all up. > > joe > > > -- > O'Reilly Active Directory Third Edition - > http://www.joeware.net/win/ad3e.htm > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of AdamT > Sent: Tuesday, June 27, 2006 12:22 PM > To: ActiveDir@mail.activedir.org > Subject: [ActiveDir] Where's that account being used? > > Dear fountain of knowledge, > > We've inherited a particularly messy AD structure, and we're now trying > to find out where a particular account is in use. There's around 80 > servers in the domain and 3000 workstations, and this account appears > to be used for pretty much anything that wants to log on as a service, > or anyone who wants domain admin privs. > > Is there any kind of audit utility to scan servers and see which > services are using the account, and ideally - any kind of monitoring > package to flag up an alert each time the account is used to, say, map > a drive or connect to a SQL db? > > -- > AdamT > "A casual stroll through the lunatic asylum shows that faith does not > prove anything." - Nietzsche > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.activedir.org/ml/threads.aspx > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.activedir.org/ml/threads.aspx List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.activedir.org/ml/threads.aspx
