Ever been in an internal security assessment or penetration test, and needed to list all domain admins?
You get the idea. So, aside from the people that are actual members of "Domain Admins", there are lots of groups that have elevated privileges in a domain, so we'll need to enumerate all of those too. And you can put groups into groups, so we'll have to recurse through that mess to get the full list of users. This can take quite a while in the GUI, but it's only a few lines of code in PowerShell:

$DomainAdmins = @()

This will list all the Admin users, and the group membership that put them there. So you might find the same person on this list a few times (but that's a good thing in most cases). If you just want the de-dup'd list of unique userids (without how they got there), add this snip to your code:

$uniqadmins = ($DomainAdmins | select SamAccountName,name ) | Sort-Object -Property samaccountname -Unique

When you run this against your domain, what is your percentage? Did you find any surprises? Please, use our comment form and let us know!
Rob VandenBrink 579 Posts ISC Handler Apr 25th 2019 |
Apr 25th 2019 3 years ago |
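The audit described in the post above, written out as an added example (this is not the script from the original post, of which only the first line survives here). It assumes the ActiveDirectory module from RSAT, treats every group flagged adminCount=1 as privileged, and defines the percentage as unique privileged users over all user accounts; those choices and the ViaGroup column name are assumptions.

```powershell
# Added example; requires the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

# Assumption: the privileged set is every group AD has flagged adminCount=1.
# The flag can be stale (it is not cleared when a group leaves a protected
# group), so review the group list itself before trusting the totals.
$privGroups = Get-ADGroup -LDAPFilter '(adminCount=1)'

# One row per (user, privileged group) pair. -Recursive flattens nested groups,
# so ViaGroup names the top-level privileged group, not the intermediate nesting.
$DomainAdmins = @(foreach ($group in $privGroups) {
    try {
        Get-ADGroupMember -Identity $group -Recursive -ErrorAction Stop |
            Where-Object { $_.objectClass -eq 'user' } |
            ForEach-Object {
                [pscustomobject]@{
                    SamAccountName = $_.SamAccountName
                    Name           = $_.name
                    ViaGroup       = $group.Name
                }
            }
    } catch {
        # Expansion can fail, e.g. on very large groups or members from other
        # domains; report the group so it is checked by hand, not silently skipped.
        Write-Warning "Could not expand '$($group.Name)': $($_.Exception.Message)"
    }
})

$DomainAdmins | Sort-Object SamAccountName, ViaGroup | Format-Table -AutoSize

# Unique users, using the same de-dup as the snippet in the post
$uniqadmins = @($DomainAdmins | Select-Object SamAccountName, Name |
    Sort-Object -Property SamAccountName -Unique)

# Assumption: "percentage" = unique privileged users / all user accounts
$allUsers = @(Get-ADUser -Filter *).Count
if ($allUsers -gt 0) {
    $pct = [math]::Round(100 * $uniqadmins.Count / $allUsers, 2)
    "{0} privileged users out of {1} accounts ({2}%)" -f $uniqadmins.Count, $allUsers, $pct
}
```

Saving the `$DomainAdmins` rows to a file on each run and comparing with `Compare-Object` turns the same listing into a membership-change check.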
A few years ago I wrote a script that checks various groups for membership changes. It uses the AD DS Tools (part of RSAT) feature. The basic command is:

dsquery group -name "Domain Admins" | dsget group -members -expand

The output is a list of Distinguished Names suitable for additional processing if desired. Elevated privileges are not required.
Anonymous |
Apr 25th 2019 3 years ago |