Hi There,
I am preparing to change the password of one of or main and oldest Domain Admin accounts. It has been used for years for all kinds of authentication within applications, services and appliances (really bad practice I know). I have obtained a list of all services on relevant member servers where it is used. I have also loaded ADAudit plus and ran a report for member server log on activity with this account name as a filter. there are lots of TGT requests for that account form lots of servers.I have checked a sample of them and can't find any applications that would be configured with this account that would try to authenticate to the domain.
Is there a way of determining which application or process is authenticating with this account? any suggestions are welcome.
Thanks in advance.