AD Audit tool

ChrisL 21 Reputation points
2022-01-19T14:31:34.63+00:00

Hi All,

I am looking for a tool that can audit user accounts and identify if there is some way they have been given domain admin rights, or local admin rights, or any admin rights anywhere.

I'll give you an example: some users in our domain seem to have Domain Admin rights or local admin rights, which gives them the ability to install software, etc.

Yet they are not in the Domain Admins group. I suspect that over time, before I turned up, groups were just added to groups, and now there are loops and nested groups everywhere.

Anyone know of a tool that can help me untangle this mess?

I have tried PowerShell, but my PS skills are not "extensive". I have got so far, i.e. I can pull a group and see its members, but then I want to recurse until I get to the admin permissions or something.

Anyway, please throw ideas my way. Open to anything.

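The recursive walk the question asks for, as an added example that is not part of the original post. It uses the RSAT ActiveDirectory module; the list of privileged groups, the CSV path and the server name `SERVER01` are assumptions. Each non-group member is reported together with the chain of nested groups it was reached through, and a visited set stops the walk from looping when group A contains B and B contains A.

```powershell
# Added example, not from the thread. Requires the RSAT ActiveDirectory module.
Import-Module ActiveDirectory

# Assumed starting point: the built-in groups that grant admin rights in most domains.
$PrivilegedGroups = @('Domain Admins', 'Enterprise Admins', 'Schema Admins',
                      'Administrators', 'Account Operators', 'Backup Operators')

function Get-EffectiveMembers {
    # Expands a group recursively and emits one row per non-group member,
    # with the chain of groups it was reached through.
    param(
        [Parameter(Mandatory)] [string] $GroupDN,
        [System.Collections.Generic.HashSet[string]] $Visited =
            [System.Collections.Generic.HashSet[string]]::new([StringComparer]::OrdinalIgnoreCase),
        [string[]] $Path = @()
    )
    # Loop guard: Add() returns $false if the DN was already seen, so A -> B -> A terminates.
    if (-not $Visited.Add($GroupDN)) { return }

    $group = Get-ADGroup -Identity $GroupDN -Properties member
    $chain = $Path + $group.Name
    foreach ($memberDN in $group.member) {
        $obj = Get-ADObject -Identity $memberDN -Properties objectClass, sAMAccountName
        if ($obj.objectClass -eq 'group') {
            Get-EffectiveMembers -GroupDN $memberDN -Visited $Visited -Path $chain
        } else {
            [pscustomobject]@{
                Account = $obj.sAMAccountName
                Class   = $obj.objectClass          # user, computer, foreignSecurityPrincipal, ...
                Via     = $chain -join ' -> '
            }
        }
    }
}

$report = foreach ($name in $PrivilegedGroups) {
    $g = Get-ADGroup -Filter "name -eq '$name'"
    if (-not $g) { continue }
    Get-EffectiveMembers -GroupDN $g.DistinguishedName |
        Select-Object @{ n = 'PrivilegedGroup'; e = { $name } }, Account, Class, Via
}

# Everything first, then only the memberships that exist solely through nesting,
# which are the ones the group's own member list does not show.
$report | Sort-Object PrivilegedGroup, Account | Format-Table -AutoSize
$report | Where-Object { $_.Via -like '* -> *' } |
    Export-Csv -Path .\nested-admin-members.csv -NoTypeInformation   # assumed output path

# Local admin rights on a member server (assumed name; needs WinRM). Any DOMAIN\Group
# entry returned here can be fed back into Get-EffectiveMembers by its DN.
$Computer = 'SERVER01'
Invoke-Command -ComputerName $Computer -ScriptBlock {
    Get-LocalGroupMember -Group 'Administrators' | Select-Object Name, ObjectClass, PrincipalSource
}
```

`Get-ADGroupMember -Recursive` also flattens nested groups, but it does not tell you which chain of groups produced a given member, and the chain is what you need to untangle nesting. Because the visited set is shared for one top-level group, a group reachable by two different paths is expanded once and only the first path is printed; rows whose `Via` column contains an arrow are the nested cases worth reviewing.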

1 answer

  1. Thameur-BOURBITA 36,261 Reputation points Moderator
    2022-01-19T23:29:51.097+00:00

    Hi,

    By default the audit is turned off. If you want to enable it, you have to perform the following steps:

    • Create a GPO linked to the Domain Controllers OU
    • Check Success and failure option on Audit Directory Services Access setting (Please read the link below for more details)
    • Set Audit settings on active directory objects (Domain admins in your case) (Please read the link below for more details)
      use-audit-active-directory-objects-track-events

    Please don't forget to mark the helpful reply as the answer.

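To check that the GPO described in the answer has taken effect on a domain controller, and to add the object-level audit entry the answer's third step refers to, here is an added PowerShell example that is not part of the answer. Auditing `Everyone` for `WriteProperty` on Domain Admins is an assumed choice; it must be run elevated on a domain controller after `gpupdate`.

```powershell
# Added example, not from the answer. Run elevated on a domain controller after gpupdate.
Import-Module ActiveDirectory

# 1. Confirm the subcategory the GPO is supposed to enable (Success and Failure).
auditpol /get /subcategory:"Directory Service Access"

# 2. Object-level audit entry (SACL) on Domain Admins: any principal (Everyone, S-1-1-0)
#    writing a property such as 'member' generates an audit record. Assumed choices.
$dn  = (Get-ADGroup -Identity 'Domain Admins').DistinguishedName
$acl = Get-Acl -Path "AD:\$dn" -Audit          # -Audit is needed to read and write the SACL
$everyone = [System.Security.Principal.SecurityIdentifier]'S-1-1-0'
$rule = [System.DirectoryServices.ActiveDirectoryAuditRule]::new(
    $everyone,
    [System.DirectoryServices.ActiveDirectoryRights]::WriteProperty,
    [System.Security.AccessControl.AuditFlags]'Success, Failure')
$acl.AddAuditRule($rule)
Set-Acl -Path "AD:\$dn" -AclObject $acl

# 3. Show the resulting SACL.
(Get-Acl -Path "AD:\$dn" -Audit).Audit |
    Format-Table IdentityReference, ActiveDirectoryRights, AuditFlags, InheritanceType -AutoSize

# 4. Once enabled, the records land in the Security log: 4662 (operation performed on an
#    AD object), 4728 / 4756 (member added to a security-enabled global / universal group).
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4662, 4728, 4756 } -MaxEvents 50 |
    Select-Object TimeCreated, Id, Message
```

The policy setting only switches the audit subcategory on; without a SACL on the object nothing is written for it, which is why the answer lists both steps. Repeat step 2 for the other privileged groups you care about, or set it on the container they live in with inheritance.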
