At a recent engagement a customer wanted to quickly scan through multiple servers to easily determine which services were set to log on as non-standard accounts, i.e. ones like network service, and local service were OK, but which ones were using an Active Directory logon for example? They also wanted to search specific portions of the AD, so logic was added to start searching a collection of computers from a given OU.
We took the opportunity to quickly knock up a PowerShell script to leverage the Windows 2008 R2 AD cmdlets in combination with WMI to show which services on multiple computers were using specific credentials. Please find the script attached to this blog post.
While the Get-Service cmdlet is able to query services on remote machines using the -ComputerName parameter it is not able to interrogate the Log On As information for a service. WMI is able to do this, and by using the Get-WMIObject cmdlet it was simple to query for the desired logon information.
Note that the OU path is set in the script, and unless you work for TailspinToys.com you will have to edit the OU path to reflect the correct structure.
Update 15-7-2014: The script was previously stored on the blog, but since a recent blog upgrade has blocked adding/editing attached files the script has been moved to the TechNet gallery:
If you would like to have Microsoft Premier Field Engineering (PFE) visit your company and assist with the topic(s) presented in this blog post, then please contact your Microsoft Premier Technical Account Manager (TAM) for more information on scheduling and our varied offerings!
If you are not currently benefiting from Microsoft Premier support and you’d like more information about Premier, please email the appropriate contact below, and tell them you how you got introduced!
For all other areas please use the US contact point.
wow thats a lot of code a 1 liner would probably sufficed,
-filter "startname like 'tailspintoys%'"
Hi Tony - Potentailly that can be compressed though it was also done intentionally this way to demonstrate a couple of items for scripting purposes. Plus the above also picks up local service accounts, and not just dominname\serviceaccount
Totally agree that filtering is the way to go for performance.