Domain User Right.

[Guest]

This is a simple question...
What is the best practise to find all user domain that have administrator rights of a domain?

 

[Simon Geary]

Just check your membership of the domain admins group. Any Enterprise Admins
in the forest root will also have admin permissions on the domain.

This is a simple question...
What is the best practise to find all user domain that have administrator

rights of a domain?

 

[Guest]

The problem is that there might be nested groups in the AD and I'm trying to list automatically all the admins of a given domain.
Doing it by hand is quite long because of the big number of entries.

 

[Andy Cadley]

Script-wise it's just a case of enumerating memebers of the Domain Admins
group and then recursively enumerating any groups which are contained
therein.

However, if a domain has large nested groups in the Domain Admins group then
their is probably something seriously wrong with their security arrangement.
Actually, if you don't *know* who is a Domain Admin then you have really big
issues anyway.

AndyC

The problem is that there might be nested groups in the AD and I'm trying

to list automatically all the admins of a given domain.

 

[Simon Geary]

Agreed, you should only have named users in the domain admins group, not
other groups.