Powershell Script to Audit Service Accounts Across All Servers

Today I got a half-joke request from a colleague to write script to help him audit service accounts across a multitude of servers. Initially, I didn't see the use of writing a full script to do this for myself and my AD environment so I fired off this from my phone as a quick/dirty version.

$services = foreach($server in $serverlist){  
    Get-WmiObject -ComputerName $server win32_service  
foreach ($service in $services){  
    if ($service.startname -ne "localsystem"){  
    if ($service.startname -ne "NT AUTHORITYLocalService"){  
        write-host $_ | fl -Property name,startname  

Unsurprisingly, since I wrote it in Hangouts while on the subway, it did not work. So I fixed it, and made it a bit more robust and non-my AD specific. All it does is do a WMI based filter of all AD Computers, takes whatever's got a Windows Server OS installed and adds it to a list. Then it goes through that list, grabs all Windows Services, checks which ones aren't using one of the BUILTIN service accounts, and outputs the list of all remaining services into a three column list which can be redirected to a text file for Excel processing if needed.

$servers = Get-AdComputer -LDAPFilter "(OperatingSystem=*Server*)"
$serverlist = @()
foreach($server in $servers){$serverlist += $server.name}

foreach($server in $serverlist){
    $services = Get-WmiObject -ComputerName $server win32_service
    foreach($service in $services){
        if ($service.startname -ne "LocalSystem" `
        -And $service.startname -ne "NT AUTHORITY\LocalService" `
        -And $service.startname -ne "NT Authority\NetworkService"){
             $padserver = $server.padright(32)
             $padservicename = $service.name.padright(32)
             write-host $padserver $padservicename $service.startname.padright(32)

As with all my scripts, this is available on the Scripts page if you feel it'd be useful to you.