ActiveDirSec.Org

The world's most trusted forum on Active Directory Security


Post Info TOPIC: How to eumerate the membership of administrative groups in Active Directory?


Newbie

Posts: 3
Date: Jan 3, 2013
How to eumerate the membership of administrative groups in Active Directory?
Permalink  
 


Hello Forum,

We are trying to help our clients check/verify delegations in Active Directory. As a part of this, one of the things we have been doing is trying to enumerate the membership of all default administrative groups in Active Directory (e.g. Domain Admins, Enterprise Admins, Server Operators, Accounts Operators etc.)

In our efforts to try and do this, we have found it to be a bit cumbersome to do this, mainly because of group nesting i.e. many of these groups have groups that are nested within them, and in a few cases, our scripts went into infinite loops as it turned out that some of these nested groups were nested into each other.

So I was wondering if there is an easy way to enumerate and document the membership of administrative groups in Active Directory?

If anyone knows of an easy, reliable and efficient way to do this, I would sincerely be helpful if you could let me know how you are doing this, as its a bit too complicated for us to do as of now.

Thanks for your help.

Tom.



__________________

"These young guys are playing checkers. I'm out there playing chess" - Kobe Bryant

Page 1 of 1  sorted by
Quick Reply

Please log in to post quick replies.

Post to Digg Post to Del.icio.us
Members Login
Username 
 
Password 
    Remember Me