![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(176, 88%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EHI%3C/text%3E%3C/svg%3E)
7,023 questions
Hi @Haris Ibrahim ,
This can be somewhat of a challenge, but should be doable, one way would be to parse the Security event-log on every domain-joined machine by looking for logins by that domain service account.
Check the older forum threads below that discuss the same topic:
- https://social.technet.microsoft.com/Forums/scriptcenter/en-US/32702e4d-43a7-4094-bccd-58a80a171a17/find-where-a-service-account-is-being-used?forum=ITCG
- https://serverfault.com/questions/193607/how-can-i-audit-all-of-the-places-where-a-domain-service-account-is-used
----------
If the reply was helpful please don't forget to upvote and/or accept as answer, thank you!
Best regards,
Leon
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 28.999999999999996%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EVW%3C/text%3E%3C/svg%3E)