Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Changing Admin Password

Status
Not open for further replies.
Jul 26, 2001
29
GB
Hello, After a recent Audit I am going to have to Change the Domain Admin Password. Hoewver many services use this account and maybe other stuff to. Is there a tool or command that can identify what services/apps/systems etc etc are using this password. ?

Thankyou, John
 
By default, no services use the domain admin account. If you have modified some services or installed services/applications and directed them to use the domain admin account, you will have to make changes there.

I am not aware of a utility which will seek out the account on your entire network and let you know what uses it. Let us know if you find something though. Some good places to start might be Rob van der Woude's Scripts, Sysinternals or the Microsoft Script Center.

Links:


-Joe
 
I doubt that you're going to find anything, because there can be services or systems literally anywhere that use the domain admin account. That's like saying that you want a list of all directories that a particular user has access to.

Do yourself a favor this time around and create a service account for each of those services/applications that require an account instead of running it under the domain admin account. That way if you have to change the domain admin again the services will still be OK. Also, if you later on decide to replace those services/applications then you can tell which accounts they were using much easier.

The domain admin account should only be used for the initial domain setup, and then to create domain admin accounts for each person who will be managing systems in a way that requiers domain admin. After that, it really shouldn't be used very often at all.
 
kmcferrin: Please check out this nifty utility:

It will list all directories, files and registry keys a users has access to.

That's not the same thing as what I'm talking about. That application will scan objects and list every user who has access to that object, as well as what sort of access they have. That's not the same thing as saying "I need to see everything that John Smith can access." You could try to use this tool for that, but you'll get a list of everything along with the permissions, then you'll have to get a list of the groups that John Smith is a member of, then you'll have to filter the output of this script to only show items where John Smith or a group that he is a member of has rights, and then you might have what I was talking about. But that's only one server, you would have to repeat the process for every server in an organization.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top