list all admin account

Posted on 2012-04-02
Last Modified: 2012-04-19
I am new to scripting. I want a script to list all admin account in the entire domain. I can use Active role console or can run  from server. Could you please help. Thanks
Question by:cyrilma
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 57

Expert Comment

by:Mike Kline
ID: 37796752
Are you looking for members of "domain admins"   I wrote a blog that will give them to you

That will also give you the last time they logged in, lots of ways as you can see in the blog



Author Comment

ID: 37796857
Thanks, Mike for the quick response. I need the list of all users belongs to Admin account, enterprise admin, schema admin in the entire forest for an auditing purpose.
LVL 57

Expert Comment

by:Mike Kline
ID: 37796861
just use the example from the blog; you can do it for each group.


Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

LVL 35

Expert Comment

by:Joseph Daly
ID: 37796926
I like the DS series of tools for this sort of stuff. The following command will get you what you are looking for.

dsquery group -name "domain admins" | dsget group -members -expand | dsget user -ln -fn -samid
LVL 21

Expert Comment

ID: 37797037
Try this:

net group "Domain Admins"

Author Comment

ID: 37797204
Thanks a lot for all your suggestions and help.

Admin accounts are spreade across different domains. We are trying to create a script which can fetch info of all admin accounts in root domain and in other sub domains. Anyone who has any kind of administrative rights we need details which need to send it to audit team on monthly basis.

I found a good VB script I want to share with you all..
LVL 15

Accepted Solution

Russell_Venable earned 500 total points
ID: 37803886
I have a script already made for this. You might want to check it out here. If you need tweaking of course it can be done. This script reads a list of machines and reports the results in separate files including the ones that do not work.

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It’s been over a month into 2017, and there is already a sophisticated Gmail phishing email making it rounds. New techniques and tactics, have given hackers a way to authentically impersonate your contacts.How it Works The attack works by targeti…
A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question