How to get all AD User accounts, associated with any application/MSA/Batch Job running in a Local or Remote machine using Script (PowerShell)

Dear Scripting Guys,
I am working in an AD migration project (Migration from old legacy AD domains to single AD domain) and in the transition phase. Our infrastructure contains lots
of Users, Servers and Workstations. Authentication is being done through AD only. Many UNIX and LINUX based box are being authenticated through AD bridge to AD. 
We have lot of applications in our environment. Many applications are configured to use Managed Service Accounts. Many Workstations and servers are running batch
jobs with AD user credentials. Many applications are using AD user accounts to carry out their processes. 
We need to find out all those AD Users, which are configured as MSA, Which are configured for batch jobs and which are being used for different applications on
our network (Need to find out for every machine on network).
These identified AD Users will be migrated to the new Domain with top priority. I get stuck with this requirement and your support will be deeply appreciated.
I hope a well designed PS script can achieve this. 
Thanks in advance...
Thanks & Regards Bedanta S Mishra

Hey Satyajit,
Thank you for your valuable reply. It is really a great notion to enable account logon audit and collect those events for the analysis. But you know it is also a tedious job when thousand of Users come in to picture. You can imagine how complex it will be
for this analysis, where more than 200000 users getting logged in through AD. It is the fact that when a batch / MS or an application uses a Domain Users credential with successful process, automatically a successful logon event will be triggered in associated
DC. But there are also too many users which are not part of these accounts like MSA/Batch jobs or not linked to any application. In that case we have to get through unwanted events. 
Recently jrv, provided me a beautiful script to find out all MSA from a machine or from a list of machines in an AD environment. (Covers MSA part.)
$Report= 'Audit_Report.html'
$Computers= Get-ADComputer -Filter 'Enabled -eq $True' | Select -Expand Name
$head=@'
<title>Non-Standard Service Accounts</title>
<style>
BODY{background-color :#FFFFF}
TABLE{Border-width:thin;border-style: solid;border-color:Black;border-collapse: collapse;}
TH{border-width: 1px;padding: 2px;border-style: solid;border-color: black;background-color: ThreeDShadow}
TD{border-width: 1px;padding: 2px;border-style: solid;border-color: black;background-color: Transparent}
</style>
$sections=@()
foreach($computer in $Computers){
$sections+=Get-WmiObject -ComputerName $Computer -class Win32_Service -ErrorAction SilentlyContinue |
Select-Object -Property StartName,Name,DisplayName |
ConvertTo-Html -PreContent "<H2>Non-Standard Service Accounts on '$Computer'</H2>" -Fragment
$body=$sections | out-string
ConvertTo-Html -Body $body -Head $head | Out-File $report
Invoke-Item $report
A script can be designed to get all scheduled back ground batch jobs in a machine, from which the author / the Owner of that scheduled job can be extracted. like below one...
Function Get-ScheduledTasks
Param
[Alias("Computer","ComputerName")]
[Parameter(Position=1,ValuefromPipeline=$true,ValuefromPipelineByPropertyName=$true)]
[string[]]$Name = $env:COMPUTERNAME
[switch]$RootOnly = $false
Begin
$tasks = @()
$schedule = New-Object -ComObject "Schedule.Service"
Process
Function Get-Tasks
Param($path)
$out = @()
$schedule.GetFolder($path).GetTasks(0) | % {
$xml = [xml]$_.xml
$out += New-Object psobject -Property @{
"ComputerName" = $Computer
"Name" = $_.Name
"Path" = $_.Path
"LastRunTime" = $_.LastRunTime
"NextRunTime" = $_.NextRunTime
"Actions" = ($xml.Task.Actions.Exec | % { "$($_.Command) $($_.Arguments)" }) -join "`n"
"Triggers" = $(If($xml.task.triggers){ForEach($task in ($xml.task.triggers | gm | Where{$_.membertype -eq "Property"})){$xml.task.triggers.$($task.name)}})
"Enabled" = $xml.task.settings.enabled
"Author" = $xml.task.principals.Principal.UserID
"Description" = $xml.task.registrationInfo.Description
"LastTaskResult" = $_.LastTaskResult
"RunAs" = $xml.task.principals.principal.userid
If(!$RootOnly)
$schedule.GetFolder($path).GetFolders(0) | % {
$out += get-Tasks($_.Path)
$out
ForEach($Computer in $Name)
If(Test-Connection $computer -count 1 -quiet)
$schedule.connect($Computer)
$tasks += Get-Tasks "\"
Else
Write-Error "Cannot connect to $Computer. Please check it's network connectivity."
Break
$tasks
End
[System.Runtime.Interopservices.Marshal]::ReleaseComObject($schedule) | Out-Null
Remove-Variable schedule
Get-ScheduledTasks -RootOnly | Format-Table -Wrap -Autosize -Property RunAs,ComputerName,Actions
So I think, can a PS script be designed to get the report of all running applications which use domain accounts for their authentication to carry out their process. So from that result we can filter out the AD accounts being used for those
applications. After that these three individual modules can be compacted in to a single script to provide the desired output as per the requirement in a single report.
Thanks & Regards Bedanta S Mishra

Similar Messages

  • Help needed, M getting this message sandbox environment error no test user account, when downloading any application from iTunes, friend told me to sign out and sign in iTunes it might solve the problem but instead I cannot login I to my itune account.

    Help needed,
    I am getting this message sandbox environment error no test user account, when downloading any application from iTunes, friend told me to sign out and sign in iTunes it might solve the problem , and i triyed it but still  I cannot login I to my itune account. Same message keeping. Popping up,  this problem started supricly today.

    Take a look at the instructions here.
    http://www.technogal.net/2012/03/this-is-not-test-user-account-please.html

  • How to get all images in indesign CS5 with javascript?

    Hi,everybody,
    How to get all images in indesign CS5 with javascript?I want to delete them.
    Anyone can give me some example codes?
    Thanks,
    Bridge

    Hey!
    This will remove all images from your InDesign document:
    var myLinks = app.activeDocument.links.everyItem().parent;
    for(var i = 0; i < myLinks.length; i++)
        myLinks[i].remove();
    Hope that helps.
    tomaxxi
    http://indisnip.wordpress.com/
    http://inditip.wordpress.com/

  • How to get the 4 digit number associated with a SAP icon ( ICON_MAIL )

    Hi Friends,
                   Could anyone please tell me how to get the 4 digit number associated with a SAP icon ( ICON_MAIL ).
                   eg: - For ICON_GREEN_LIGHT the four digit id code is '@08@' (which you can get from ICON table )and the associated 4 digit number is'1003'.
                  Similarly I want to get the 4 digit number for ICON_MAIL(e-mail icon)
    <b><REMOVED BY MODERATOR></b>
    Ashiq
    Message was edited by:
            Alvaro Tejada Galindo

    You can use this report...It's not mine...
    REPORT zdummy_atg_2.
    TABLES: ICON.
    INCLUDE <ICON>.
    FIELD-SYMBOLS: <F>.
    SELECT * FROM ICON.
       ASSIGN (ICON-NAME) TO <F>.
       WRITE:   /(5) <F>, 20 '@',21 ICON-ID+1(2),23 '@',ICON-OLENG,
                ICON-BUTTON,ICON-STATUS,ICON-MESSAGE,ICON-FUNCTION,
                ICON-NAME.
    ENDSELECT.
    Greetings,
    Blag.

  • Request to delete all the Lenovo accounts associated with my email address

    Made the mistake of registering my Lenovo accounts on the US site which means that I cannot register any account information relevant to the UK (my address is one example) so can you either delete all the accounts associated with my email address so that I can create a new account on the UK site OR can you place all the accounts associated with my email under the UK site. Thank you.

    joshkier wrote:
    I've tried that but I just get this message 
    Unable to find the Lenovo ID and password combination you have entered. Please try again, or use the link below to create a new account.
    Yet it works fine on the US site?
    Can you try changing the regions from the lookup next to the lenovo logo at the tab after logging in the us site?
    Ishaan Ideapad Y560(i3 330m), Hp Elitebook 8460p!(i5-2520M) Hp Pavilion n208tx(i5-4200u)
    If you think a post helped you, then you can give Kudos to the post by pressing the Star on the left of the post. If you think a post solved your problem, then mark it as a solution so that others having the same problem can refer to it.

  • How to identify which role user is associated with?

    Oracle 11.0.1.7:
    How do I identify which role a user is associated with?
    Also how do I identify the privilges for a given role. For eg if SELECT, INSERT, DELETE was granted for a table to a role which dictionary table do I look at?
    I looked at USER_TAB_PRIVS.

    Check this:
    http://www.adp-gmbh.ch/ora/misc/recursively_list_privilege.html
    HTH
    -Anantha

  • How can I change the iCloud account associated with my iphone

    I changed my e-mail address a few months ago including changing my Apple ID to reflect my new e-mail. For some reason, my iphone and my ipad are both stuck with the iCloud username of my old e-mail address. When I try to delete these accounts like other forums have indicated to do, it won't let me because every password possible comes up as invalid and the "forgot password" e-mail never comes. I was wondering if there was a way to delete the icloud account associated with my old e-mail without having a password and replacing it with the updated iCloud information.

    if for some reason your old iCloud account does not accpte or you do not remember your password, you can try this:
    Problems after changing Apple ID primary mail address

  • How do you change your user name associated with the app store on the iphone 3G. When attempting to update, it is using an old email address that has since been changed at the apple site. The problem is that my phone does not seem to recognize this.

    I have exausted my ideas, and turn to the forum, prior to paying for something that may be a 2second simple fix. Please help if you can. Let me know if you need more info to understand my dilema.
    Thanks.

    Apps are permanently tied to the Apple ID used to purchase them.  You will always be asked for the password associated with this ID when updating apps, regardless of whether or not you are using this ID for current purchases.  The only way to stop this is to delete the old apps from your phone and iTunes and repurchase them with your current ID.
    Edit: to change the ID used for future purchases on your phone, go to Settings>Store>Apple ID, tap the ID shown, sign out, sign back in using the new ID.  As explained above, you will still be prompted with the old ID when updating apps purchase with the older ID.
    Message was edited by: randers4

  • How to get all properties for an item with search?

    How can I get all crawled / managed properties back of an item with the search API (REST, client, or server)?
    Currently I am only aware of specifying the applicable properties specifcally by using the selectproperties parameters via REST:
    http://host/site/_api/search/query?querytext='terms'&selectproperties='Path,Url,Title,Author'
    (taken from http://blogs.msdn.com/b/nadeemis/archive/2012/08/24/sharepoint-2013-search-rest-api.aspx)
    I don't want to do this. I just want to get all properties back that
    are associated with the search results.

    Its my understanding that standard managed properties will be returned, like: Created Date, Last Date Modified, Author, Title, etc.  However, if you need more than that you will need to specify the properties to return.
    This blog post also has a similar thought process:
    http://www.blendmaster.net/blog/2012/09/view-managed-property-value-in-sharepoint-2013-using-search-rest-api/
    Brandon Atkinson
    Blog: http://brandonatkinson.blogspot.com

  • How to get the document which is associated with a process having specific Guid value?

    when a PDF file is opened, AcroRd32.exe is started automatically, and we get the GUID value of that adobe reader.
    In c#, can't we get the document associated with the GUID value,  I mean the total PDF file which is opened in adobe reader at runtime.
    Here I'm struck up in code, can anyone suggest how to where I was missing something.
    Acrobat.CAcroAVDoc AcroAvDoc;
    Type AcrobatCAcroType;
    AcrobatCAcroType = Type.GetTypeFromCLSID(new Guid("{CA8A9780-280D-11CF-A24D-444553540000}"));  This CLSID is of adobe reader's.
    ///////Here I think I'm missing something
    Object obj = Activator.CreateInstance(AcrobatCAcroType);
    AcroAvDoc = (Acrobat.CAcroAVDoc)obj;
    I think I can get the full PDF document with AcroAvDoc.GetPDDoc();
    Thank you...

    Post your question in the forum for Acrobat SDK.

  • HOW TO GET ALL PURCHASES FROM ACCOUNT?

    I have been a customer for five years, and I have three computers, and 3(+) devices that I've used the purchased material on. How can I get everything that I've bought on one computer, once and for all? I've had Home Sharing enabled for everything for quite a while, but there are two issues with that: 1) It doesn't seem to work, and 2) It seems that it's only for music, and I'm mainly wanting to get my movies and TV shows onto this computer.
    --PLEASE HELP--
    Thanks!
    PS: A couple of my computers are either crashed or iTunes isn't functioning properly. I'm looking to re-download everything from my account that I have bought.

    If you are in the US and running iTunes 10.3 or later, the iCloud functionality will allow you to re-download content previously purchased.  More information can be found here.
    It is also possible to transfer iTunes purchases from the device to the computer via Files > Transfer purchases.

  • I have an iPad2 and recently bought an iPad mini.  My husband will take over the iPad 2.  How can I get him an iCloud account associated with that iPad and his iPhone 5?

    I have an iPad 2 and recently purchased an iPad mini.  My husband will take over the iPad2.  How can he get an icloud account for this iPad (eliminating me) and his iPhone5?

    Delete your iCloud account on the iPad 2, then he can follow the instructions to create his own iCloud account on it:
    http://www.apple.com/icloud/setup/ios.html
    Then he can setup his own account on his iPhone.

  • How can I change the user ID associated with a Unix numerical ID?

    I acquired a used MacMini.  I changed the home directory name and display name but when I use ls -l (in Terminal) I still see the former owner's Unix name.  Is there some way to edit the MacOSX equivalent of the old /etc/passwd so that the numerical used ID maps to my name?  I found a reference to OpenLDAP and Directory Services but nothing too helpful.
    TIA

    This may not be the last thing you have to do, but....
    System Preferences -> Users & Groups (or if an older system "Accounts").
    Click on the Padlock in the lower left corner, enter you admin password.
    Control-Click on the desired account
    Select "Advanced Options..." from the popup
    Pay close attention to the warnings, as you can totally screw up your Mac.  In fact, do you have a full bootable clone backup (SuperDuper or Carbon Copy Cloner)?  If not, stop now and go make one.
    Change the Account name field.
    Change the Home Directory field to match your new home directory.
    DO NOT MESS with UUID, and I would strongly suggest not changing your User ID, as all your files are currently owned by that User ID, and it is a pain to find and change the ownership of all your files.
    I suggest you logout and login.  Then if things do not look right, reboot.  If you have cron jobs, chances are they will be tighed to the old name, and a who bunch of other things might have stuff tied to the old name, so this is one of those things that may go wrong after you change your username.
    Again, this may not be the only thing you need to change.

  • How to find all tables that are associated with a given domain name.

    I want to find all table, excluding the structures, of a given domain name, say, waers.
    Some of the tables are directly contains the domains while others are related with a data element which is connected to that domain.
    I want to find tables for all two case -either tables connected directly to the domain or connected via data element- and exclude the structures.
    thanks in advance.

    Hi,
    The following thing may help you.
    in se11-> search for tables having names like 'DD*'.
    From this list of tables you can find the required table to get domain, data element nad table name.
    one way of doing it:
    SELECT rollname domname
      FROM dd04l
      INTO CORRESPONDING FIELDS OF TABLE it_tab.
    SELECT rollname tabname
      FROM dd03l
      INTO CORRESPONDING FIELDS OF TABLE it_tab1
      FOR ALL ENTRIES IN it_tab
      WHERE rollname = it_tab-rollname.
    SORT it_tab1.
    DELETE ADJACENT DUPLICATES FROM it_tab1.
    LOOP AT it_tab1 INTO wa_tab.
      MODIFY it_tab FROM wa_tab
      TRANSPORTING tabname
      WHERE rollname = wa_tab-rollname.
    ENDLOOP.
    LOOP AT it_tab INTO wa_tab.
      WRITE:/ wa_tab-domname,
              wa_tab-tabname.
    ENDLOOP.
    Regards,
    Manoj Kumar P

  • How do i undo d facebook account associated with m...

    I do not want my lumia to sync with the contacts of my Facebook account how to do this

    Go to settings-->email+accounts ..long press on Facebook and Delete it ..

Maybe you are looking for

  • Compare data record to session variable

    I am completely stumped. It should be easy. I am trying to compare a field from a database to a sesssion variable on a JSP page and even though the fields print out the same when I call them in JSP, my "If" statement never gets activated. Here's the

  • Slideshow in iMovie too small to edit

    Hello! I will try to explain this the best way that I can. I exported a slideshow from iPhone and imported it into iMovie. The slideshow is 10 minutes and 53 seconds. After importing it, the clip to edit is about an inch on the screen. I cannot exten

  • ICal on .mac start page

    Okay, this confuses me: - you can create a group and for that group select a (published) iCal calendar to display in the small calender view on the group page. then, why isn't it possible to do the same on my .mac "root" homepage?? Am I missing somet

  • SoD Risk Summary and Rule Text Files for CC 5.1

    Hi, Could anyone share with me where could I find the SoD Risk Summary and Rule Text Files for CC 5.1? I have looked into SAP Marketplace but I was not able to find such information. In the installation files we downloaded, these files are not includ

  • Bridge CS4 Server problem- slide show not loading

    Hi I have created a slide show in CS4 and emdedded the index code in my gallery page, created in Dreamweaver CS4. I have used an iframe within a DIV tag. Preview works fine in both Chrome and IE. However, once uploaded to Server, all that can be seen