Trying to find Service accounts

Copper Contributor

I am not very good at Powershell (yet) and I was tasked with finding all the service accounts in our Active Directory. Once I have a list I need to find the last time it was used to logon and clear out the old accounts. I can't figure out how to gather the accounts. I have tried the Get-ADServiceAccounts with different settings but can't get it to find the accounts. It seems like it should be easy but....


Any help would be appreciated!

3 Replies

@Chris Ruebel 


What have you tried?


This should get you started:

Get-ADServiceAccount - Filter * -SearchScope Subtree


This will grab all the service accounts in your domain.

Your AD domain's distinguished name can be obtained from:








Thanks for the reply - where would the Distinguished name fit into the command? Lets say my distinguished name is DC=Contoso, DC=Com

@Chris Ruebel 


The distinguished name can be used in the cmdlet like so:

Get-ADServiceAccount -SearchBase (Get-ADDomain).DistinguishedName


The -SearchBase parameter accepts a distinguished name syntax e.g. "CN=blah, OU=blah, dc=domain, dc=domain" This provides a means of targeting your search at a know starting point instead of the entire directory.


Use the -SearchScope parameter to specify how deep the search should go; Base, OneLevel, Subtree


Ex: Get-ADServiceAccount -Filter * -SearchScope Base

Ex: Get-ADServiceAccount -SearchBase (Get-ADDomain).DistinguishedName -SearchScope Base

Ex: Get-ADServiceAccount -Filter * -SearchScope Subtree

Ex: Get-ADServiceAccount -SearchBase (Get-ADDomain).DistinguishedName -SearchScope Subtree

Note the results.


Review the documentation here: