1) Are there any free tools to produce a report to list ONLY members of the domain admins group, and in tabular format, per account in the domain admins report the following fields:
password last set
user may change password
I know you can get this from net user commands but theres 50 to go through so would prefer one tool to provide one report for all memebers of domain admins....
2) Also, there any other default AD groups that give strong/powerful permissions in a domain? Is domain admins the top one? Could you list perhaps the top 5 - and some discussion what rights they give people?