ADUserSvcPins.ps1
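<#PSScriptInfo
.SYNOPSIS Find Active Directory Service Accounts
.DESCRIPTION Use this script to gather Active Directory Service Accounts. Two passes per domain: accounts whose name looks like a service account / PIN, and admin-group members with no mail attribute and a non-expiring password.
.VERSION 1.0.1
.AUTHOR gaseceh
.PROJECTURI https://github.com/gaseceh
.GUID 364b4797-c3e9-48b6-9a19-a00bdf3f617a
.TAGS Active Directory, ActiveDirectory Service Accounts, Service Pins, AD, aduser
.NOTES
Run this command as admin
You must have Active Directory installed
You must be connected to a domain within the network that you are scanning
#>

# Fail early with a clear message instead of 'Get-ADForest is not recognized'.
#Requires -Modules ActiveDirectory

# Report path. The Desktop folder is resolved through .NET rather than the
# hard-coded $home\Desktop so a redirected/relocated Desktop still works.
$OutputPath = Join-Path ([Environment]::GetFolderPath('Desktop')) 'AD_SVC_Pins.txt'

# Findings are appended to any existing report, so mark where this run starts;
# otherwise repeated runs produce one undifferentiated, growing list.
"### Run started $(Get-Date -Format 'u')" | Out-File -Append -FilePath $OutputPath

# Only these columns reach the report. Requesting just the attributes needed
# (instead of '-Properties *') keeps each domain query small.
$ReportProperties = 'SamAccountName', 'PasswordLastSet', 'CN'

# Every domain in the forest this machine is joined to.
$domains = (Get-ADForest).Domains

# Pass 1: accounts whose Name advertises them as a service account / PIN.
# A domain that cannot be queried is reported and skipped, not fatal.
foreach ($domain in $domains) {
    try {
        Get-ADUser -Server $domain -ErrorAction Stop `
            -Filter { (Name -like "*ServicePIN*") -or (Name -like "*Service PIN*") -or (Name -like "*Service Account*") -or (Name -like "*ServiceAc*") } `
            -Properties PasswordLastSet, CN |
            Select-Object -Property $ReportProperties |
            Out-File -Append -FilePath $OutputPath
    }
    catch {
        Write-Warning "Pass 1: skipping domain '$domain': $($_.Exception.Message)"
    }
}

# Pass 2: suspected service accounts that were not named as such — no mail
# attribute, password never expires, and a *direct* membership in a group whose
# DN contains 'Admins'. Nested group membership is not expanded here, so an
# account that is only an admin through a group-of-groups will not be listed.
foreach ($domain in $domains) {
    try {
        Get-ADUser -Server $domain -ErrorAction Stop `
            -Filter { (EmailAddress -notlike "*") -and (PasswordNeverExpires -eq $true) } `
            -Properties PasswordLastSet, CN, MemberOf |
            Where-Object { $_.MemberOf -like '*Admins*' } |
            Select-Object -Property $ReportProperties |
            Out-File -Append -FilePath $OutputPath
    }
    catch {
        Write-Warning "Pass 2: skipping domain '$domain': $($_.Exception.Message)"
    }
}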