list all admin account

Posted on 2012-04-02
Medium Priority
Last Modified: 2012-04-19
I am new to scripting. I want a script to list all admin account in the entire domain. I can use Active role console or can run  from server. Could you please help. Thanks
Question by:cyrilma
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 57

Expert Comment

by:Mike Kline
ID: 37796752
Are you looking for members of "domain admins"   I wrote a blog that will give them to you


That will also give you the last time they logged in, lots of ways as you can see in the blog



Author Comment

ID: 37796857
Thanks, Mike for the quick response. I need the list of all users belongs to Admin account, enterprise admin, schema admin in the entire forest for an auditing purpose.
LVL 57

Expert Comment

by:Mike Kline
ID: 37796861
just use the example from the blog; you can do it for each group.


Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

LVL 35

Expert Comment

by:Joseph Daly
ID: 37796926
I like the DS series of tools for this sort of stuff. The following command will get you what you are looking for.

dsquery group -name "domain admins" | dsget group -members -expand | dsget user -ln -fn -samid
LVL 21

Expert Comment

ID: 37797037
Try this:

net group "Domain Admins"

Author Comment

ID: 37797204
Thanks a lot for all your suggestions and help.

Admin accounts are spreade across different domains. We are trying to create a script which can fetch info of all admin accounts in root domain and in other sub domains. Anyone who has any kind of administrative rights we need details which need to send it to audit team on monthly basis.

I found a good VB script I want to share with you all..

LVL 15

Accepted Solution

Russell_Venable earned 1500 total points
ID: 37803886
I have a script already made for this. You might want to check it out here. If you need tweaking of course it can be done. This script reads a list of machines and reports the results in separate files including the ones that do not work.

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
Suggested Courses
Course of the Month11 days, 16 hours left to enroll

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question