Ever had to change a domain administrator’s password and had the sinking feeling that some bozo had set up a Windows service to run as that user? If you only have a couple of servers it isn’t that big a deal to check each manually, but if you have a lot it can be a problem. I’ve seen a lot of admins just use the scream test to figure out what broke, but sometimes it isn’t obvious until the server is rebooted. We run into this situation frequently as we take over new clients.
Recently we had to make a change for a customer with 50+ Windows servers, and I knew the account had been used for services. I just didn’t know where. So I built the below PowerShell script. I definitely owe a few people props, as I used a number of different websites to figure out the WMI piece. Unfortunately, it has been too long for me to remember who. But the next best thing is to put this script out there for others to use. So I have posted the script and a readme file to GitHub (a new experience for me, but way better than how I published my scripts previously).
Hope this helps out. This is provided “as-is”, and while I’ve used it in several environments, I can’t guarantee it will work everywhere. Feel free to leave respectful comments.
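The kind of check described above, as an added example (this is not the author's GitHub script, which is not reproduced on this page): it queries `Win32_Service` on each server and reports services whose logon account matches a given user. It uses `Get-CimInstance` over WinRM rather than the older WMI cmdlets; the parameter names and the output path are assumptions made for illustration.

```powershell
# Added example, not the author's script. Parameter names and output path are illustrative.
param(
    [Parameter(Mandatory)] [string]   $AccountName,   # sAMAccountName of the account being changed
    [Parameter(Mandatory)] [string[]] $ComputerName,  # servers to check
    [string] $OutFile = '.\ServicesByAccount.csv'
)

# StartName can be stored as DOMAIN\user, user@domain.tld or .\user, so match the
# user portion in any of those forms instead of one exact string.
# -match is case-insensitive, which suits Windows account names.
$pattern = '(^|\\)' + [regex]::Escape($AccountName) + '(@|$)'

$results = foreach ($computer in $ComputerName) {
    try {
        Get-CimInstance -ClassName Win32_Service -ComputerName $computer -ErrorAction Stop |
            Where-Object { $_.StartName -match $pattern } |
            Select-Object @{n='Server';e={$computer}}, Name, DisplayName, StartName, StartMode, State
    }
    catch {
        # Record unreachable hosts so they are not mistaken for "no services found".
        [pscustomobject]@{
            Server      = $computer
            Name        = $null
            DisplayName = $null
            StartName   = $null
            StartMode   = $null
            State       = "QUERY FAILED: $($_.Exception.Message)"
        }
    }
}

# Keep a CSV for the change record and show the same rows on screen.
$results | Export-Csv -Path $OutFile -NoTypeInformation
$results | Format-Table -AutoSize
```

Rows with `QUERY FAILED` are servers that still need a manual check before the password change. Services are only one place an account can be embedded; scheduled tasks and IIS application pools are not covered by this query.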