AD Audit Script giving wrong detail for High privileged accounts RRS feed

  • Question

  • https://gallery.technet.microsoft.com/scriptcenter/AD-account-Audit-find-bfcc60db/view/Discussions#content

    script works fine however given multiple users which are not part of domain admins, Enter, sche or administrators group.

    script is simple, got confused how it is listed multiple accounts which dont have any direct or indirect membership :(

    • Moved by Bill_Stewart Monday, July 30, 2018 1:45 PM This is not support forum for gallery scripts
    Saturday, June 9, 2018 12:55 PM

All replies

  • Post issues with Gallery scripts to the author of the script.


    Saturday, June 9, 2018 5:26 PM
  • If it helps, this PowerShell script documents all object protected because they are members of highly privileged group (including due to group nesting). It also documents all objects that were once protected, but have since been removed from a highly privileged group and still have adminCount equal to 1 or inheritance disabled (so they should be investigated):


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Saturday, June 9, 2018 8:36 PM