Tracking service accounts in ChangeAuditor

We have been required to change our service accounts that have never been changed since I started.  I know I can pull a list of service accounts in EnterpriseReporter.  My problem is finding out who an what is using these accounts.  Especially application wise this is a huge concern obviously.  Can anyone help or have done this in the past in CahangeAuditor with the help of a scrip maybe?  Appreciate the help.

  • This is always a tough question to answer.

    Logon information for those accounts as captured by Change Auditor (assuming you tracking logon activity) might be helpful.  But then again, it might not.

    I would suggest you use Reporter to get a list of all Windows services from all your servers and see where these accounts are in use.

    Also, getting a list of local groups memberships from your servers could give you a clue as to where these accounts are in use.

    Once in the Reporter database, from a pure reporting point of view, the distinction between AD and server local groups disappears so getting a consolidated view of this would not be that difficult.

    'Hope this is useful food for thought.