![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(76.8, 74%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EB%3C/text%3E%3C/svg%3E)
7,023 questions
Hi @BAB
It depends on what is your definition of privileged users, as there are different levels and types of privileges in an AD environment.
- Users that are members of the protected groups or admin roles: Account Operators
Administrator
Administrators
Backup Operators
Cert Publishers
Domain Admins
Domain Controllers
Enterprise Admins
Krbtgt
Print Operators
Read-only Domain Controllers
Replicator
Schema Admins
Server Operators - Possible delegation models which assigns elevated rights via the Delegation Wizard\ACL Permissions to additional rights to AD objects
- Possible delegation model for member servers and workstations.
Have a look at this page which has a number of predefined AD queries that can used to provide the answers to number 1.
https://nettools.net/predefined-ldap-queries/
Gary.