“‘Privileged’ accounts and groups in Active Directory are those to which powerful rights, privileges, and permissions are granted that allow them to perform nearly any action in Active Directory and on domain-joined systems.” (from Appendix B: Privileged Accounts and Groups in Active Directory).
Task for today
A long time ago I had a script that looked at Privileged Groups and printed out the current privileged users as well as changes in the last 24 hours. Today I decided to do a rewrite and wrap it into functions. The task is fairly simple:
- One function to get all privileged users
- One function to get changes
Those should be capable of running against different domains as well.
The Raw meat
To get the Privileged Groups I will be using the filter 'AdminCount -eq 1'. Then I’ll just loop through each group and get all members. The output will contain the samaccountname and Name of the user, the group it belongs to and the DomainController that was queried:
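An added example of the function described above, not the author's original script. The function name Get-PrivilegedGroupMember, the -Domain parameter and the corp.example domain are assumptions made here, and the ActiveDirectory (RSAT) module is assumed to be installed.

```powershell
#Requires -Modules ActiveDirectory

function Get-PrivilegedGroupMember {   # hypothetical name, not from the post
    [CmdletBinding()]
    param(
        # DNS name of the domain to query; defaults to the logged-on user's domain
        [string]$Domain = $env:USERDNSDOMAIN
    )

    # Pin every query to one domain controller so the results are consistent
    # and each output row can record which DC answered.
    $dc = Get-ADDomainController -Discover -DomainName $Domain |
        Select-Object -ExpandProperty HostName -First 1

    # Same filter as in the text: groups that carry AdminCount = 1
    $groups = Get-ADGroup -Filter 'AdminCount -eq 1' -Server $dc

    foreach ($group in $groups) {
        try {
            $members = Get-ADGroupMember -Identity $group -Server $dc -ErrorAction Stop
        }
        catch {
            # One unreadable group should not hide the members of the others
            Write-Warning "Could not read members of '$($group.Name)' on ${dc}: $_"
            continue
        }

        foreach ($member in $members) {
            [pscustomobject]@{
                SamAccountName   = $member.SamAccountName
                Name             = $member.Name
                Group            = $group.Name
                DomainController = $dc
            }
        }
    }
}

# Constructed usage: 'corp.example' is a placeholder domain name
Get-PrivilegedGroupMember -Domain 'corp.example' |
    Sort-Object Group, SamAccountName |
    Format-Table -AutoSize
```

AdminCount stays at 1 after a group stops being protected, so the filter can also return groups that were privileged in the past.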
Similar to before, I’ll get all Privileged Groups with the same filter. Then I’ll use the replication attribute metadata LastOriginatingChangeTime on members to select only those who changed in last