As you may already know, the ADSolutions team released a free service account management tool just last month. You can read about it here: https://blogs.manageengine.com/free-tools/active-directory-free-tools/2015/07/16/windows-service-account-finder-and-reporter.html. Now, we have updated the tool to make it even more powerful and useful for you, in your environment.
For those who don’t already know this tool, you can download it here:
This tool allows you to select all the domain controllers, servers, and even workstations that you need to gather service account info from. It then gathers and lists each and every Windows service account in a compact list. The tool also lets you save the list to a CSV format, a portable and usable format.
Now, thanks to the update, the tool also allows you to filter the list of service accounts gathered from the computers, so that you are only viewing users, and not built-in accounts. This will give you a streamlined list of local and Active Directory users that have been associated with services. You can see this result in Figure 1.
Figure 1. Filter your service account list to only show users.
A common request that we received was the ability to see which service the account is associated with. Well, we now give you that information, as well! Figure 2 illustrates what this will look like, and how powerful this information really is.
Figure 2. Service accounts and their associated service.
You no longer need to wonder where service accounts are configured, as you now have complete control over your service account documentation.
In addition, once you have the list of service accounts, you can create a custom report and alert in ADAudit Plus, so you can track, in real-time, any change that occurs to any service account. See how to set this report up here (the steps are the same for both group and service accounts): https://blogs.manageengine.com/active-directory/2015/04/16/securing-active-directory-group-membership-alerts.html .