How to find privileged Active Directory Accounts
Published August 12, 2023 by Danny Moran
Table of Contents
PAGE CONTENT
Introduction
Learn how to find privileged Active Directory account by using the adminCount attribute. In this example, I show you how to use PowerShell to return a list of user accounts that have had their adminCount attribute changed to 1. User account with an adminCount value of 1 indicate that the user account is either a member of a privileged security group, or has previously been a member of a privileged security group.
Video
PowerShell
Get-ADUser -Filter ""adminCount -eq 1"" | ft name, samaccountname, enabled
Get-ADGroup -Filter ""adminCount -eq 1"" | ft name