ADUserSvcPins.ps1

<#PSScriptInfo
.SYNOPSIS
Find Active Directory Service Accounts
 
.DESCRIPTION
Use this script to gather likely Active Directory service accounts across every domain in the forest — accounts whose name matches a service-account naming pattern, plus admin-group members that have no email address and a non-expiring password — and write them to a report file on your Desktop
 
.VERSION
1.0.1
 
.AUTHOR
gaseceh
 
.PROJECTURI
https://github.com/gaseceh
 
.GUID
364b4797-c3e9-48b6-9a19-a00bdf3f617a
 
.TAGS
 Active Directory, ActiveDirectory Service Accounts, Service Pins, AD, aduser
 
.NOTES
Run this script from an elevated (administrator) PowerShell session
You must have the ActiveDirectory PowerShell module (part of RSAT) installed; the script relies on Get-ADForest and Get-ADUser
You must run it from a domain-joined host that can reach every domain in the forest, because each domain is queried directly with -Server
The report it writes lists privileged/service accounts and their PasswordLastSet dates — treat that file as sensitive and delete it when you are done
#>





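# Fail early with a clear message if the ActiveDirectory module is missing,
# instead of "Get-ADForest is not recognized" on the first line that needs it.
#Requires -Modules ActiveDirectory

#used to get each domain within the forest
$domains = (Get-ADForest).Domains

# Report destination (Desktop of the account running the script). The file
# enumerates likely service/privileged accounts together with when their
# password was last set -- exactly the reconnaissance an attacker would want,
# so treat it as sensitive and remove it once reviewed. Because every write
# below uses -Append, repeated runs accumulate rows in the same file.
$reportPath = Join-Path $home 'Desktop\AD_SVC_Pins.txt'

#used to loop thru each domain dumping obvious service accounts
foreach ($domain in $domains){
    try {
        # Request only the attributes the report uses; "-Properties *" pulled
        # every attribute of every matching user in the forest.
        # The Domain column is added because the same SamAccountName can exist
        # in several domains and each domain is queried separately.
        # -ErrorAction Stop turns an unreachable/untrusted domain into a
        # catchable error rather than a silently empty section.
        Get-ADUser -Filter {(Name -like "*ServicePIN*") -or (Name -like "*Service PIN*") -or (Name -like "*Service Account*") -or (Name -like "*ServiceAc*")} -Server $domain -Properties PasswordLastSet, CN -ErrorAction Stop |
            Select-Object @{ Name = 'Domain'; Expression = { $domain } }, SamAccountName, PasswordLastSet, CN |
            Out-File -Append $reportPath
    }
    catch {
        # Keep going with the remaining domains; the warning tells the operator
        # which domain is missing from the report.
        Write-Warning "Could not query domain '$domain' for service-account name patterns: $($_.Exception.Message)"
    }
}

#used to find admin accounts with no email and PW never expire accounts - suspected service accounts
foreach ($domain in $domains){
    try {
        # Caveats a reviewer of the report should know:
        #  - MemberOf lists DIRECT group membership only; accounts that are
        #    admins through nested groups are not caught here.
        #  - "*Admins*" is matched against each group's full DN, so it also
        #    hits any group (or OU path) that merely contains "Admins".
        #    This is the original heuristic, kept as-is; review hits manually.
        Get-ADUser -Filter {(EmailAddress -notlike "*" ) -and (PasswordNeverExpires -eq "True")} -Server $domain -Properties MemberOf, PasswordLastSet, CN -ErrorAction Stop |
            Where-Object { $_.MemberOf -like "*Admins*" } |
            Select-Object @{ Name = 'Domain'; Expression = { $domain } }, SamAccountName, PasswordLastSet, CN |
            Out-File -Append $reportPath
    }
    catch {
        Write-Warning "Could not query domain '$domain' for admin accounts with non-expiring passwords: $($_.Exception.Message)"
    }
}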