This PowerShell script will create a report of users that are members of the following privileged groups:
- Enterprise Admins
- Schema Admins
- Domain Admins
- Cert Publishers
- Administrators
- Account Operators
- Server Operators
- Backup Operators
- Print Operators
This is the default list of privileged groups I’ve set, but you can adjust the privileged groups directly within the getForestPrivGroups function if needed.
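The same kind of audit in outline, as an added example that is not the original script or the updated version described here: it resolves the groups listed above by well-known SID rather than by name, so renamed or localized groups are still found, and reports their recursive user members. It assumes the RSAT ActiveDirectory module and read access to the directory; the variable names and report columns are illustrative.

```powershell
# Added example, not the script this page describes.
# Assumes the RSAT ActiveDirectory module is installed.
Import-Module ActiveDirectory

$domain  = Get-ADDomain
$root    = Get-ADDomain -Identity (Get-ADForest).RootDomain
$domSid  = $domain.DomainSID.Value
$rootSid = $root.DomainSID.Value

# Well-known RIDs and builtin SIDs for the groups listed above.
# Enterprise Admins and Schema Admins exist only in the forest root domain.
$privGroups = @(
    [pscustomobject]@{ Name = 'Enterprise Admins'; Sid = "$rootSid-519";  Server = $root.PDCEmulator }
    [pscustomobject]@{ Name = 'Schema Admins';     Sid = "$rootSid-518";  Server = $root.PDCEmulator }
    [pscustomobject]@{ Name = 'Domain Admins';     Sid = "$domSid-512";   Server = $domain.PDCEmulator }
    [pscustomobject]@{ Name = 'Cert Publishers';   Sid = "$domSid-517";   Server = $domain.PDCEmulator }
    [pscustomobject]@{ Name = 'Administrators';    Sid = 'S-1-5-32-544';  Server = $domain.PDCEmulator }
    [pscustomobject]@{ Name = 'Account Operators'; Sid = 'S-1-5-32-548';  Server = $domain.PDCEmulator }
    [pscustomobject]@{ Name = 'Server Operators';  Sid = 'S-1-5-32-549';  Server = $domain.PDCEmulator }
    [pscustomobject]@{ Name = 'Backup Operators';  Sid = 'S-1-5-32-551';  Server = $domain.PDCEmulator }
    [pscustomobject]@{ Name = 'Print Operators';   Sid = 'S-1-5-32-550';  Server = $domain.PDCEmulator }
)

$report = foreach ($g in $privGroups) {
    try {
        # -Recursive expands nested groups and returns only non-group members.
        Get-ADGroupMember -Identity $g.Sid -Server $g.Server -Recursive -ErrorAction Stop |
            Where-Object { $_.objectClass -eq 'user' } |
            ForEach-Object {
                [pscustomobject]@{
                    Group             = $g.Name
                    SamAccountName    = $_.SamAccountName
                    DistinguishedName = $_.distinguishedName
                }
            }
    }
    catch {
        # Report the failure instead of silently producing an incomplete audit.
        Write-Warning "Could not enumerate $($g.Name) ($($g.Sid)): $($_.Exception.Message)"
    }
}

# One row per user and group; a user in several privileged groups appears several times.
$report | Sort-Object Group, SamAccountName | Format-Table -AutoSize
```

A warning for a group means the report is incomplete for that group, so treat it as a finding to follow up rather than as an empty membership.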
The original script was written by Doug Symalla from Microsoft and posted onto the TechNet Script Center: List Membership In Privileged Groups
This was accompanied by two TechNet Blogs:
- Audit Membership in Privileged Active Directory Groups. A Second Look.
- Too Many Admins in Your Domain: Expose the Problem(s) and Find a Solution. (Don’t forget PowerShell)
The script was okay, but needed several updates to be more accurate and bug-free. As Doug had not published an update since 26th April 2013, I thought that I would. The changes I made are documented in the script.