Enumerates and identifies service accounts during Active Directory domain migrations. A service account is a standard user account that is assigned the Log on as a service user right.

admt service is a command-line tool that is available in the Active Directory Migration Tool (ADMT).

For examples of how this command can be used, see Examples.

Syntax

admt service /n "<ComputerName>"[ "<ComputerName2>"] /sd:<SourceDomain>

Parameters

Parameter Description

/{o|optionfile}:"<OptionFilename>"

Specifies to use an options file.

You can specify the following value for this parameter:

  • OptionFilename

    Specifies the name of the options file to use. This file contains a list of operations and parameters to use when ADMT enumerates service accounts. You can specify only one option file name with the admt service optionfile command. To specify more than one option file, list the parameter again for each additional option file.

/{sd|sourcedomain}:"<SourceDomain>"

Specifies the name of the domain in which ADMT enumerates service accounts. Enumerating service accounts is a required operation.

You can specify the following value for this parameter:

  • SourceDomain

    Specifies the NetBIOS or Domain Name System (DNS) name of the domain in which to enumerate service accounts.

/{sdc|sourcedomaincontroller}:"<SourceDomainControllerName>"

Specifies the name of the domain controller in the source domain.

You can specify the following value for this parameter:

  • SourceDomainControllerName

    Specifies the NetBIOS or DNS name of the domain controller in the source domain.

    Note

    Read-only domain controllers (RODCs) are not permitted to be used as the source domain controller.

/{so|sourceou}:"<OUName>"

Specifies the name of the source organizational unit (OU) that contains the computers that hold the service accounts. You use this parameter only for Active Directory source domains and for computer names that ADMT lists by using their relative distinguished names (also known as RDNs).

You can specify the following value for this parameter:

  • OUName

    Specifies the name of the OU in the source domain.

/{pre|precheckonly}: {yes|no}

Verifies that agent deployment succeeded before ADMT enumerates service accounts.

You can specify the following values for this parameter:

  • yes

    Performs a precheck operation.

  • no

    Does not perform a precheck operation. This is the default setting.

/{prrtry|autoprecheckretry}: {yes|no}

Verifies automatically that agent deployment succeeded before ADMT enumerates service accounts. ADMT attempts the verification according to the number and interval that you specify.

  • yes

    Specifies that ADMT retry the precheck operation.

  • no

    Specifies that ADMT does not retry the precheck operation. This is the default setting.

/{prrtryi|autoprecheckretryinterval}: <Minutes>

Specifies the number of minutes between each retry operation.

You can specify the following value for this parameter:

  • Minutes

    Specifies a number of minutes from 1 through 1440. The default is 30 minutes. You specify this value only if the /prrtry parameter has a yes value.

/{prrtryn|autoprecheckretrynumber}: <Number>

Specifies the number of times to retry the operation.

You can specify the following value for this parameter:

  • Number

    Specifies a number from 1 through 20000. The default is 48. You specify this value only if the /prrtry command has a yes value.

/{n|includename} "<ComputerName>" ["<ComputerName2>"]

Specifies a computer or a list of computers on which to enumerate service accounts.

You can specify the following value for this parameter:

  • ComputerName

    Specifies the name of the computer on which to enumerate service accounts. Place each name in quotation marks. Separate each name from the next one with a space.

/{f|includefile}: <FileName>

Specifies the name of the file that contains the list of computers on which to enumerate service accounts.

You can specify the following value for this parameter:

  • FileName

    Specifies the name of the include file, which can contain the Windows NT Security Accounts Manager (SAM) account name, relative distinguished name (also known as RDN), or canonical name (CN=) of the account. You can specify only one file with this parameter.

/{d|includedomain} [:recurse]

Specifies an entire source domain or OU of service accounts to enumerate.

You can specify the following value for this parameter:

  • recurse

    Specifies how to migrate listed domains or OUs.

/{en|excludename} "<ComputerName>" ["<ComputerName2>"]

Specifies which computers to exclude from service account enumeration.

You can specify the following value for this parameter:

  • ComputerName

    Specifies the name of the computer to exclude from service account enumeration. You can specify multiple names. Place each computer name in quotation marks, and separate each name from the next one with a space. By default, ADMT enumerates service accounts on all computers in a domain or OU that you specify. You can use a maximum of two wildcard characters (*) in each name. You can use wildcard characters at the beginning or end of a string, or at both the beginning and end of the string.

/{ef|excludefile}: <FileName>

Specifies the name of the file that contains the list of computers to exclude from service account enumeration.

You can specify the following value for this parameter:

  • Filename

    Specifies the name of the exclude file, which can contain the Windows NT SAM account names or the relative distinguished names of the accounts to exclude. You can specify only one file with this parameter. You can use a maximum of two wildcard characters (*) for each name in the exclude file. Although you cannot include wildcard characters in the file name itself, you can use wildcard characters at the beginning or end of a string, or at both the beginning and end of the string.

Remarks

In addition to the admt service command-line tool, you can use the Service Account Migration Wizard to identify the member servers and domain controllers that run services by using a service account.

Examples

The following example enumerates the service accounts for a computer named WORKSTATION1 in the CONTOSO domain.

admt service /n "WORKSTATION1" /sd:CONTOSO

The following example enumerates service accounts for a list of computers in the source domain that are contained in an include file that is located at C:\temp\MyListOfComputers.txt.

admt service /o:C:\temp\MyListOfComputers.txt