We have multiple DCs in a single forest. Some time ago, when new servers and applications were being put into production, the built in administrator account for the domain was used to run services and inside application configs.
I would like to change the admin password however doing so is likely to break all those servers that are using that administrator account. I would like to identify these and fix them prior to changing the password.
Can anybody suggest a tool that will go through the event logs and give me the information that I am after? The DCs are configured to audit successful log-ins.
Thanks in advance.
