PowerShell Script to find AD users with adminCount > 0
I've recently discovered the "adminSDHolder" feature of Active Directory. I need a quick way to identify all users who will be affected by it, namely a script to dump the user accounts.
Solution 1:
You can use this powershell script to return the users that have an adminCount greater than 0, which means that they are affected by the adminSDHolder feature. You'll need the AD Module for PowerShell installed, which comes with RSAT.
import-module activedirectory
get-aduser -Filter {admincount -gt 0} -Properties adminCount -ResultSetSize $null
Solution 2:
([adsisearcher]"(AdminCount=1)").findall()