Re: Tracking Kerberos Tickets
- From: "Skywing" <skywing_NO_SPAM_@xxxxxxxxxxxxxxxxxxx>
- Date: Mon, 26 Jun 2006 12:03:31 -0400
What about going by the password age for the computer account? Live
computer accounts will have their passwords changed automatically every so
often, I believe.
"Sasi" <Sasi@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:A1401E45-9A1F-4AAB-BC70-736F9D8AA278@xxxxxxxxxxxxxxxx
is there a way (programatically prefered but utilities also welcomed) to
track and log kerberos Tickets issued by a Domain controller? is there any
API or something that I can use to list all tickets granted by a server
during a specific time?
I need this because I want to write a program that detects and removes
dead/unused computer accounts in AD .my idea was to track computer
accounts
that had requested TGT during the past <some duration>,filtering them out
from other computers and deleting the rest.
any better idea to fulfill this goal is welcomed.of course I prefer that
idea to not involve in installing any client program on workstations.
.
- Prev by Date: Re: LsaLogonUser and kerberos
- Next by Date: Re: Tracking Kerberos Tickets
- Previous by thread: Registry Permissions Error
- Next by thread: Re: Tracking Kerberos Tickets
- Index(es):
Relevant Pages
|
