Osirium Logo

Domain Service Accounts Report

Domain Service Accounts Report Playbook IconDomain Service Accounts Report Playbook Icon

This task will:

  • Audit services from Windows servers found in Active Directory
  • Find which services use a domain account
  • Audit each domain service account from Active Directory
  • Report on passwords that are old, expired, or approaching expiry

Playbook Files

This playbook was built for PPA version 2.12.x

Running this Playbook

  • Click download playbook
  • Import the downloaded file via the Playbooks page on PPA
  • Build the playbook from the Edit & Build tab
  • Run the playbook from the Preview & Deploy tab
* Requires PPA v2.9.x or newer


Domain Maximum Password Age

This task uses the maximum password age configured in Active Directory to calculate password expiries.

If there is no maximum password age configured, a minimal report will be generated instead.

Required Vault Details

Active Directory

  • IP/DNS address of a Domain Controller
  • Domain FQDN
  • Username
  • Password

The Active Directory credentials require the permission to audit services on domain servers, & users in Active Directory.

Vault Configuration Wizard

The first time you run a task built from this playbook, PPA will check the required Vault details exist.

If they don't exist, PPA will ask you to supply the details at the start of the task.

Below you can see a user providing details the first time they run an Active Directory task.


Once the details are added to Vault, the task won't ask for them again.

If you don't know the required details, ask an administrator to run the task or configure Vault manually.

What the Task Does

Once started, this task will:

  • Find all servers in Active Directory
  • Allow the Task Operator to select one or more servers
  • Audit services that use a domain account from each server
  • Check the password health of each service account in Active Directory
  • Present a summary of password health & ask the task operator which accounts to display

Powershell Remoting (WinRM)

This task uses Powershell Remoting over WinRM to connect to Windows Servers & audit services.

See this Microsoft article for more information on how to securely enable WinRM.

Connection Settings

By default this playbook will:

  • Use SSL when connecting to the Windows server
  • Validate the Windows server certificate

You can change these settings on lines 10 & 11 of the playbook:

  use_ssl: true
  validate_cert: true
Product Boot Screen

Get PPA for free!

Start automating your estate with a free 30 day trial today. No signup required!

Get PPA Express


Theale Court
11-13 High Street, Theale
Reading, Berkshire, RG7 5AH
United Kingdom
+44 (0) 118 324 2444

Osirium Logo

Copyright 2020 Osirium Ltd.