PowerShell Script to find AD users with adminCount > 0

active-directory powershell

I've recently discovered the "adminSDHolder" feature of Active Directory. I need a quick way to identify all users who will be affected by it, namely a script to dump the user accounts.


Solution 1:

You can use this powershell script to return the users that have an adminCount greater than 0, which means that they are affected by the adminSDHolder feature. You'll need the AD Module for PowerShell installed, which comes with RSAT.

import-module activedirectory

get-aduser -Filter {admincount -gt 0} -Properties adminCount -ResultSetSize $null

Solution 2:

([adsisearcher]"(AdminCount=1)").findall()

Related

Apache seems to be using old expired certificate even though new one is installed
How to replicate nginx data to two servers?
Can you define a server's locations in multiple nginx config files?
What does LAST_ACK mean, as a State value in netstat?
"success=n" control syntax in pam.conf / pam.d/* files
Where is log output from cloud-init stored?
MySQL Master-Master Replication of ALL databases. How?
How to remove bad disk from LVM2 with the less data loss on other PVs?
Missing Space on Drive using Core Storage after Boot Camp Assistant Failure
Failed bootcamp partition, now can't remove it
Changing local IP address with networksetup command on OSX?
Find my iPhone contact