├── README.md
├── ad-admins.ps1
├── ad-all.ps1
├── ad-computers.ps1
├── ad-dcs.ps1
├── ad-disabled.ps1
├── ad-enterprise-admins.ps1
├── ad-gpos.ps1
├── ad-groups.ps1
├── ad-inventory.ps1
├── ad-lastlogon.ps1
├── ad-membergroups.ps1
├── ad-neverexpires.ps1
├── ad-ous.ps1
├── ad-reports
├── ad-admins
│ ├── ad-admins-2018-7-9.csv
│ ├── ad-admins-2018-7-9.html
│ ├── ad-admins.csv
│ └── ad-admins.html
├── ad-all
│ └── ad-2018-7-9
│ │ ├── ad-admins-2018-7-9.html
│ │ ├── ad-computers-2018-7-9.html
│ │ ├── ad-dcs-2018-7-9.html
│ │ ├── ad-disabled-2018-7-9.html
│ │ ├── ad-gpos-2018-7-9.html
│ │ ├── ad-groups-2018-7-9.html
│ │ ├── ad-inventory-2018-7-9.html
│ │ ├── ad-lastlogon-2018-7-9.html
│ │ ├── ad-membergroups-2018-7-9.html
│ │ ├── ad-neverexpires-2018-7-9.html
│ │ ├── ad-ous-2018-7-9.html
│ │ ├── ad-servers-2018-7-9.html
│ │ ├── ad-users-2018-7-9.html
│ │ └── gpos-html-2018-7-9.zip
├── ad-computers
│ ├── ad-computers-2018-7-9.csv
│ ├── ad-computers-2018-7-9.html
│ ├── ad-computers.csv
│ └── ad-computers.html
├── ad-dcs
│ ├── ad-dcs-2018-7-9.csv
│ ├── ad-dcs-2018-7-9.html
│ ├── ad-dcs.csv
│ └── ad-dcs.html
├── ad-disabled
│ ├── ad-disabled-2018-7-9.csv
│ ├── ad-disabled-2018-7-9.html
│ ├── ad-disabled.csv
│ └── ad-disabled.html
├── ad-enterprise-admins
│ ├── ad-enterprise-admins.csv
│ └── ad-enterprise-admins.html
├── ad-gpos
│ ├── ad-gpos-2018-7-9.csv
│ ├── ad-gpos-2018-7-9.html
│ ├── ad-gpos.csv
│ ├── ad-gpos.html
│ ├── gpos-html-2018-7-9.zip
│ ├── gpos-html-2018-7-9
│ │ ├── Default Domain Controllers Policy.htm
│ │ └── Default Domain Policy.htm
│ ├── gpos-html.zip
│ └── gpos-html
│ │ ├── Default Domain Controllers Policy.htm
│ │ └── Default Domain Policy.htm
├── ad-groups
│ ├── ad-groups-2018-7-9.csv
│ ├── ad-groups-2018-7-9.html
│ ├── ad-groups.csv
│ └── ad-groups.html
├── ad-inventory
│ ├── ad-inventory-2018-7-9.csv
│ ├── ad-inventory-2018-7-9.html
│ ├── ad-inventory.csv
│ └── ad-inventory.html
├── ad-lastlogon
│ ├── ad-lastlogon-2018-7-9.csv
│ ├── ad-lastlogon-2018-7-9.html
│ ├── ad-lastlogon.csv
│ └── ad-lastlogon.html
├── ad-membergroups
│ ├── ad-membergroups-2018-7-9.csv
│ ├── ad-membergroups-2018-7-9.html
│ ├── ad-membergroups.csv
│ └── ad-membergroups.html
├── ad-neverexpires
│ ├── ad-neverexpires-2018-7-9.csv
│ ├── ad-neverexpires-2018-7-9.html
│ ├── ad-neverexpires.csv
│ └── ad-neverexpires.html
├── ad-ous
│ ├── ad-ous-2018-7-9.csv
│ ├── ad-ous-2018-7-9.html
│ ├── ad-ous.csv
│ └── ad-ous.html
├── ad-servers
│ ├── ad-servers-2018-7-9.csv
│ ├── ad-servers-2018-7-9.html
│ ├── ad-servers.csv
│ └── ad-servers.html
└── ad-users
│ ├── ad-users-2018-7-9.csv
│ ├── ad-users-2018-7-9.html
│ ├── ad-users.csv
│ └── ad-users.html
├── ad-servers.ps1
├── ad-users.ps1
├── adrt.ps1
├── config
└── config.txt
├── index.html
└── web
├── css
└── bootstrap.min.css
├── img
├── 100security.png
├── all_computers.png
├── all_gpos.png
├── all_groups.png
├── all_ous.png
├── all_servers.png
├── all_users.png
├── disabled_users.png
├── domain_admins.png
├── domain_controllers.png
├── facebook.png
├── github.png
├── inventory.png
├── last_logon.png
├── linkedin.png
├── marcoshenrique.jpg
├── password_never_expires.png
├── twitter.png
└── youtube.png
└── js
├── 100security.js
├── bootstrap.min.js
└── jquery-3.3.1.slim.min.js
/README.md:
--------------------------------------------------------------------------------
1 | # ADRT
2 | Active Directory Report Tool
3 |
4 | # Descrição
5 | Como objetivo de colaborar com o dia-a-dia das tarefas diárias dos Administradores de Redes e Analista de Segurança da Informação eu optei em compartilhar esta ferramenta que desenvolvi utilizando PowerShell, HTML, JavaScript. O objetivo do ADRT é extrair informações úteis do Active Directory e exibir-las de forma amigável a fim de auxiliar na geração de indicadores e na realização de auditorias.
6 |
7 | # adrt.ps1 - Menu via PowerShell
8 | 
9 |
10 | # index.html - Página Inicial de Relatórios
11 | 
12 |
13 | # Artigo
14 | www.100security.com.br/adrt
15 |
16 | # Video
17 | www.youtube.com/watch?v=KuEjGZSLPJE&t
18 |
--------------------------------------------------------------------------------
/ad-admins.ps1:
--------------------------------------------------------------------------------
1 | <#
2 | .NAME
3 | ADRT - Active Directory Report Tool
4 | .DESCRIPTION
5 | Extract the complete list of all Domain Admins.
6 | .EXAMPLE
7 | PS C:\adrt> .\ad-admins.ps1
8 | .NOTES
9 | Name: Marcos Henrique
10 | E-mail: marcos@100security.com.br
11 | .LINK
12 | WebSite: http://www.100security.com.br
13 | Facebook: https://www.facebook.com/seguranca.da.informacao
14 | Twitter: https://twitter.com/100Security
15 | GitHub: https://www.github.com/100security
16 | Youtube: https://www.youtube.com/user/videos100security
17 | #>
18 |
19 | $report = $null
20 | $table = $null
21 | $date = Get-Date -format "yyyy-MM-dd"
22 | $mounth = Get-Date -format "MMM"
23 | $directorypath = (Get-Item -Path ".\").FullName
24 | $path = "ad-reports\ad-admins"
25 | #$html = "$path\ad-admins-$date.html"
26 | #$csv = "$path\ad-admins-$date.csv"
27 | $html = "$path\ad-admins.html"
28 | $csv = "$path\ad-admins.csv"
29 |
30 | #-- Domain Admins
31 | $t_da = (Get-ADGroupMember -Identity "Domain Admins").count
32 | $domain = (Get-ADDomain).Forest
33 |
34 | # Config
35 | $config = Get-Content (JOIN-PATH $directorypath "config\config.txt")
36 | $company = $config[7]
37 | $owner = $config[9]
38 |
39 | #-- Import Module
40 | Import-Module ActiveDirectory
41 |
42 | #-- Show Total
43 | $table += "
Name | MemberOf | Members |
100Security | | CN=Marcos Henrique,OU=100Security,OU=Empresas,DC=100security,DC=local
24 | |
Access Control Assistance Operators | | |
Account Operators | | |
Administrators | | CN=Administrator,CN=Users,DC=100security,DC=local
25 | CN=Enterprise Admins,CN=Users,DC=100security,DC=local
26 | CN=Domain Admins,CN=Users,DC=100security,DC=local
27 | |
Allowed RODC Password Replication Group | | |
Apple | | CN=Steve Jobs,OU=Apple,OU=Empresas,DC=100security,DC=local
28 | |
Backup Operators | | |
Cert Publishers | CN=Denied RODC Password Replication Group,CN=Users,DC=100security,DC=local
29 | | |
Certificate Service DCOM Access | | |
Cloneable Domain Controllers | | |
Cryptographic Operators | | |
Denied RODC Password Replication Group | | CN=Read-only Domain Controllers,CN=Users,DC=100security,DC=local
30 | CN=Domain Controllers,CN=Users,DC=100security,DC=local
31 | CN=krbtgt,CN=Users,DC=100security,DC=local
32 | CN=Group Policy Creator Owners,CN=Users,DC=100security,DC=local
33 | CN=Enterprise Admins,CN=Users,DC=100security,DC=local
34 | CN=Schema Admins,CN=Users,DC=100security,DC=local
35 | CN=Domain Admins,CN=Users,DC=100security,DC=local
36 | CN=Cert Publishers,CN=Users,DC=100security,DC=local
37 | |
Distributed COM Users | | |
DnsAdmins | | |
DnsUpdateProxy | | |
Domain Admins | CN=Denied RODC Password Replication Group,CN=Users,DC=100security,DC=local
38 | CN=Administrators,CN=Builtin,DC=100security,DC=local
39 | | CN=Administrator,CN=Users,DC=100security,DC=local
40 | |
Domain Computers | | |
Domain Controllers | CN=Denied RODC Password Replication Group,CN=Users,DC=100security,DC=local
41 | | |
Domain Guests | CN=Guests,CN=Builtin,DC=100security,DC=local
42 | | |
Domain Users | CN=Users,CN=Builtin,DC=100security,DC=local
43 | | |
Enterprise Admins | CN=Denied RODC Password Replication Group,CN=Users,DC=100security,DC=local
44 | CN=Administrators,CN=Builtin,DC=100security,DC=local
45 | | CN=Administrator,CN=Users,DC=100security,DC=local
46 | |
Enterprise Read-only Domain Controllers | | |
Event Log Readers | | |
Facebook | | CN=Mark Zuckerberg,OU=Facebook,OU=Empresas,DC=100security,DC=local
47 | |
Group Policy Creator Owners | CN=Denied RODC Password Replication Group,CN=Users,DC=100security,DC=local
48 | | CN=Administrator,CN=Users,DC=100security,DC=local
49 | |
Guests | | CN=Domain Guests,CN=Users,DC=100security,DC=local
50 | CN=Guest,CN=Users,DC=100security,DC=local
51 | |
Hyper-V Administrators | | |
IIS_IUSRS | | CN=S-1-5-17,CN=ForeignSecurityPrincipals,DC=100security,DC=local
52 | |
Incoming Forest Trust Builders | | |
McAfee | | CN=John McAfee,OU=McAfee,OU=Empresas,DC=100security,DC=local
53 | |
Microsoft | | CN=Bill Gates,OU=Microsoft,OU=Empresas,DC=100security,DC=local
54 | |
Network Configuration Operators | | |
Performance Log Users | | |
Performance Monitor Users | | |
Pre-Windows 2000 Compatible Access | | CN=S-1-5-11,CN=ForeignSecurityPrincipals,DC=100security,DC=local
55 | |
Print Operators | | |
RAS and IAS Servers | | |
RDS Endpoint Servers | | |
RDS Management Servers | | |
RDS Remote Access Servers | | |
Read-only Domain Controllers | CN=Denied RODC Password Replication Group,CN=Users,DC=100security,DC=local
56 | | |
Remote Desktop Users | | |
Remote Management Users | | |
Replicator | | |
Schema Admins | CN=Denied RODC Password Replication Group,CN=Users,DC=100security,DC=local
57 | | CN=Administrator,CN=Users,DC=100security,DC=local
58 | |
Server Operators | | |
Terminal Server License Servers | | |
Users | | CN=S-1-5-4,CN=ForeignSecurityPrincipals,DC=100security,DC=local
59 | CN=S-1-5-11,CN=ForeignSecurityPrincipals,DC=100security,DC=local
60 | CN=Domain Users,CN=Users,DC=100security,DC=local
61 | |
Windows Authorization Access Group | | CN=S-1-5-9,CN=ForeignSecurityPrincipals,DC=100security,DC=local
62 | |
WinRMRemoteWMIUsers__ | | |
63 | Name | Description |
100Security | 100security Group |
Access Control Assistance Operators | Members of this group can remotely query authorization attributes and permissions for resources on this computer. |
Account Operators | Members can administer domain user and group accounts |
Administrators | Administrators have complete and unrestricted access to the computer/domain |
Allowed RODC Password Replication Group | Members in this group can have their passwords replicated to all read-only domain controllers in the domain |
Apple | Apple Group |
Backup Operators | Backup Operators can override security restrictions for the sole purpose of backing up or restoring files |
Cert Publishers | Members of this group are permitted to publish certificates to the directory |
Certificate Service DCOM Access | Members of this group are allowed to connect to Certification Authorities in the enterprise |
Cloneable Domain Controllers | Members of this group that are domain controllers may be cloned. |
Cryptographic Operators | Members are authorized to perform cryptographic operations. |
Denied RODC Password Replication Group | Members in this group cannot have their passwords replicated to any read-only domain controllers in the domain |
Distributed COM Users | Members are allowed to launch, activate and use Distributed COM objects on this machine. |
DnsAdmins | DNS Administrators Group |
DnsUpdateProxy | DNS clients who are permitted to perform dynamic updates on behalf of some other clients (such as DHCP servers). |
Domain Admins | Designated administrators of the domain |
Domain Computers | All workstations and servers joined to the domain |
Domain Controllers | All domain controllers in the domain |
Domain Guests | All domain guests |
Domain Users | All domain users |
Enterprise Admins | Designated administrators of the enterprise |
Enterprise Read-only Domain Controllers | Members of this group are Read-Only Domain Controllers in the enterprise |
Event Log Readers | Members of this group can read event logs from local machine |
Facebook | Facebook Group |
Group Policy Creator Owners | Members in this group can modify group policy for the domain |
Guests | Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted |
Hyper-V Administrators | Members of this group have complete and unrestricted access to all features of Hyper-V. |
IIS_IUSRS | Built-in group used by Internet Information Services. |
Incoming Forest Trust Builders | Members of this group can create incoming, one-way trusts to this forest |
McAfee | McAfee Group |
Microsoft | Microsoft Group |
Network Configuration Operators | Members in this group can have some administrative privileges to manage configuration of networking features |
Performance Log Users | Members of this group may schedule logging of performance counters, enable trace providers, and collect event traces both locally and via remote access to this computer |
Performance Monitor Users | Members of this group can access performance counter data locally and remotely |
Pre-Windows 2000 Compatible Access | A backward compatibility group which allows read access on all users and groups in the domain |
Print Operators | Members can administer domain printers |
RAS and IAS Servers | Servers in this group can access remote access properties of users |
RDS Endpoint Servers | Servers in this group run virtual machines and host sessions where users RemoteApp programs and personal virtual desktops run. This group needs to be populated on servers running RD Connection Broker. RD Session Host servers and RD Virtualization Host servers used in the deployment need to be in this group. |
RDS Management Servers | Servers in this group can perform routine administrative actions on servers running Remote Desktop Services. This group needs to be populated on all servers in a Remote Desktop Services deployment. The servers running the RDS Central Management service must be included in this group. |
RDS Remote Access Servers | Servers in this group enable users of RemoteApp programs and personal virtual desktops access to these resources. In Internet-facing deployments, these servers are typically deployed in an edge network. This group needs to be populated on servers running RD Connection Broker. RD Gateway servers and RD Web Access servers used in the deployment need to be in this group. |
Read-only Domain Controllers | Members of this group are Read-Only Domain Controllers in the domain |
Remote Desktop Users | Members in this group are granted the right to logon remotely |
Remote Management Users | Members of this group can access WMI resources over management protocols (such as WS-Management via the Windows Remote Management service). This applies only to WMI namespaces that grant access to the user. |
Replicator | Supports file replication in a domain |
Schema Admins | Designated administrators of the schema |
Server Operators | Members can administer domain servers |
Terminal Server License Servers | Members of this group can update user accounts in Active Directory with information about license issuance, for the purpose of tracking and reporting TS Per User CAL usage |
Users | Users are prevented from making accidental or intentional system-wide changes and can run most applications |
Windows Authorization Access Group | Members of this group have access to the computed tokenGroupsGlobalAndUniversal attribute on User objects |
WinRMRemoteWMIUsers__ | Members of this group can access WMI resources over management protocols (such as WS-Management via the Windows Remote Management service). This applies only to WMI namespaces that grant access to the user. |
24 | Name | Description |
Access Control Assistance Operators | Members of this group can remotely query authorization attributes and permissions for resources on this computer. |
Account Operators | Members can administer domain user and group accounts |
Administrators | Administrators have complete and unrestricted access to the computer/domain |
Allowed RODC Password Replication Group | Members in this group can have their passwords replicated to all read-only domain controllers in the domain |
Backup Operators | Backup Operators can override security restrictions for the sole purpose of backing up or restoring files |
Cert Publishers | Members of this group are permitted to publish certificates to the directory |
Certificate Service DCOM Access | Members of this group are allowed to connect to Certification Authorities in the enterprise |
Cloneable Domain Controllers | Members of this group that are domain controllers may be cloned. |
Cryptographic Operators | Members are authorized to perform cryptographic operations. |
Denied RODC Password Replication Group | Members in this group cannot have their passwords replicated to any read-only domain controllers in the domain |
Distributed COM Users | Members are allowed to launch, activate and use Distributed COM objects on this machine. |
DnsAdmins | DNS Administrators Group |
DnsUpdateProxy | DNS clients who are permitted to perform dynamic updates on behalf of some other clients (such as DHCP servers). |
Domain Admins | Designated administrators of the domain |
Domain Computers | All workstations and servers joined to the domain |
Domain Controllers | All domain controllers in the domain |
Domain Guests | All domain guests |
Domain Users | All domain users |
Enterprise Admins | Designated administrators of the enterprise |
Enterprise Read-only Domain Controllers | Members of this group are Read-Only Domain Controllers in the enterprise |
Event Log Readers | Members of this group can read event logs from local machine |
Group Policy Creator Owners | Members in this group can modify group policy for the domain |
Guests | Guests have the same access as members of the Users group by default, except for the Guest account which is further restricted |
Hyper-V Administrators | Members of this group have complete and unrestricted access to all features of Hyper-V. |
IIS_IUSRS | Built-in group used by Internet Information Services. |
Incoming Forest Trust Builders | Members of this group can create incoming, one-way trusts to this forest |
Network Configuration Operators | Members in this group can have some administrative privileges to manage configuration of networking features |
Performance Log Users | Members of this group may schedule logging of performance counters, enable trace providers, and collect event traces both locally and via remote access to this computer |
Performance Monitor Users | Members of this group can access performance counter data locally and remotely |
Pre-Windows 2000 Compatible Access | A backward compatibility group which allows read access on all users and groups in the domain |
Print Operators | Members can administer domain printers |
RAS and IAS Servers | Servers in this group can access remote access properties of users |
RDS Endpoint Servers | Servers in this group run virtual machines and host sessions where users RemoteApp programs and personal virtual desktops run. This group needs to be populated on servers running RD Connection Broker. RD Session Host servers and RD Virtualization Host servers used in the deployment need to be in this group. |
RDS Management Servers | Servers in this group can perform routine administrative actions on servers running Remote Desktop Services. This group needs to be populated on all servers in a Remote Desktop Services deployment. The servers running the RDS Central Management service must be included in this group. |
RDS Remote Access Servers | Servers in this group enable users of RemoteApp programs and personal virtual desktops access to these resources. In Internet-facing deployments, these servers are typically deployed in an edge network. This group needs to be populated on servers running RD Connection Broker. RD Gateway servers and RD Web Access servers used in the deployment need to be in this group. |
Read-only Domain Controllers | Members of this group are Read-Only Domain Controllers in the domain |
Remote Desktop Users | Members in this group are granted the right to logon remotely |
Remote Management Users | Members of this group can access WMI resources over management protocols (such as WS-Management via the Windows Remote Management service). This applies only to WMI namespaces that grant access to the user. |
Replicator | Supports file replication in a domain |
Schema Admins | Designated administrators of the schema |
Server Operators | Members can administer domain servers |
Terminal Server License Servers | Members of this group can update user accounts in Active Directory with information about license issuance, for the purpose of tracking and reporting TS Per User CAL usage |
Users | Users are prevented from making accidental or intentional system-wide changes and can run most applications |
Windows Authorization Access Group | Members of this group have access to the computed tokenGroupsGlobalAndUniversal attribute on User objects |
WinRMRemoteWMIUsers__ | Members of this group can access WMI resources over management protocols (such as WS-Management via the Windows Remote Management service). This applies only to WMI namespaces that grant access to the user. |
24 | Name | MemberOf | Members |
100Security | | CN=Marcos Henrique,OU=100Security,OU=Empresas,DC=100security,DC=local
24 | |
Access Control Assistance Operators | | |
Account Operators | | |
Administrators | | CN=Administrator,CN=Users,DC=100security,DC=local
25 | CN=Enterprise Admins,CN=Users,DC=100security,DC=local
26 | CN=Domain Admins,CN=Users,DC=100security,DC=local
27 | |
Allowed RODC Password Replication Group | | |
Apple | | CN=Steve Jobs,OU=Apple,OU=Empresas,DC=100security,DC=local
28 | |
Backup Operators | | |
Cert Publishers | CN=Denied RODC Password Replication Group,CN=Users,DC=100security,DC=local
29 | | |
Certificate Service DCOM Access | | |
Cloneable Domain Controllers | | |
Cryptographic Operators | | |
Denied RODC Password Replication Group | | CN=Read-only Domain Controllers,CN=Users,DC=100security,DC=local
30 | CN=Domain Controllers,CN=Users,DC=100security,DC=local
31 | CN=krbtgt,CN=Users,DC=100security,DC=local
32 | CN=Group Policy Creator Owners,CN=Users,DC=100security,DC=local
33 | CN=Enterprise Admins,CN=Users,DC=100security,DC=local
34 | CN=Schema Admins,CN=Users,DC=100security,DC=local
35 | CN=Domain Admins,CN=Users,DC=100security,DC=local
36 | CN=Cert Publishers,CN=Users,DC=100security,DC=local
37 | |
Distributed COM Users | | |
DnsAdmins | | |
DnsUpdateProxy | | |
Domain Admins | CN=Denied RODC Password Replication Group,CN=Users,DC=100security,DC=local
38 | CN=Administrators,CN=Builtin,DC=100security,DC=local
39 | | CN=Administrator,CN=Users,DC=100security,DC=local
40 | |
Domain Computers | | |
Domain Controllers | CN=Denied RODC Password Replication Group,CN=Users,DC=100security,DC=local
41 | | |
Domain Guests | CN=Guests,CN=Builtin,DC=100security,DC=local
42 | | |
Domain Users | CN=Users,CN=Builtin,DC=100security,DC=local
43 | | |
Enterprise Admins | CN=Denied RODC Password Replication Group,CN=Users,DC=100security,DC=local
44 | CN=Administrators,CN=Builtin,DC=100security,DC=local
45 | | CN=Administrator,CN=Users,DC=100security,DC=local
46 | |
Enterprise Read-only Domain Controllers | | |
Event Log Readers | | |
Facebook | | CN=Mark Zuckerberg,OU=Facebook,OU=Empresas,DC=100security,DC=local
47 | |
Group Policy Creator Owners | CN=Denied RODC Password Replication Group,CN=Users,DC=100security,DC=local
48 | | CN=Administrator,CN=Users,DC=100security,DC=local
49 | |
Guests | | CN=Domain Guests,CN=Users,DC=100security,DC=local
50 | CN=Guest,CN=Users,DC=100security,DC=local
51 | |
Hyper-V Administrators | | |
IIS_IUSRS | | CN=S-1-5-17,CN=ForeignSecurityPrincipals,DC=100security,DC=local
52 | |
Incoming Forest Trust Builders | | |
McAfee | | CN=John McAfee,OU=McAfee,OU=Empresas,DC=100security,DC=local
53 | |
Microsoft | | CN=Bill Gates,OU=Microsoft,OU=Empresas,DC=100security,DC=local
54 | |
Network Configuration Operators | | |
Performance Log Users | | |
Performance Monitor Users | | |
Pre-Windows 2000 Compatible Access | | CN=S-1-5-11,CN=ForeignSecurityPrincipals,DC=100security,DC=local
55 | |
Print Operators | | |
RAS and IAS Servers | | |
RDS Endpoint Servers | | |
RDS Management Servers | | |
RDS Remote Access Servers | | |
Read-only Domain Controllers | CN=Denied RODC Password Replication Group,CN=Users,DC=100security,DC=local
56 | | |
Remote Desktop Users | | |
Remote Management Users | | |
Replicator | | |
Schema Admins | CN=Denied RODC Password Replication Group,CN=Users,DC=100security,DC=local
57 | | CN=Administrator,CN=Users,DC=100security,DC=local
58 | |
Server Operators | | |
Terminal Server License Servers | | |
Users | | CN=S-1-5-4,CN=ForeignSecurityPrincipals,DC=100security,DC=local
59 | CN=S-1-5-11,CN=ForeignSecurityPrincipals,DC=100security,DC=local
60 | CN=Domain Users,CN=Users,DC=100security,DC=local
61 | |
Windows Authorization Access Group | | CN=S-1-5-9,CN=ForeignSecurityPrincipals,DC=100security,DC=local
62 | |
WinRMRemoteWMIUsers__ | | |
63 | Name | MemberOf | Members |
Access Control Assistance Operators | | |
Account Operators | | |
Administrators | | CN=Domain Admins,CN=Users,DC=100security,DC=local
24 | CN=Enterprise Admins,CN=Users,DC=100security,DC=local
25 | CN=Administrator,CN=Users,DC=100security,DC=local
26 | |
Allowed RODC Password Replication Group | | |
Backup Operators | | |
Cert Publishers | CN=Denied RODC Password Replication Group,CN=Users,DC=100security,DC=local
27 | | |
Certificate Service DCOM Access | | |
Cloneable Domain Controllers | | |
Cryptographic Operators | | |
Denied RODC Password Replication Group | | CN=Read-only Domain Controllers,CN=Users,DC=100security,DC=local
28 | CN=Group Policy Creator Owners,CN=Users,DC=100security,DC=local
29 | CN=Domain Admins,CN=Users,DC=100security,DC=local
30 | CN=Cert Publishers,CN=Users,DC=100security,DC=local
31 | CN=Enterprise Admins,CN=Users,DC=100security,DC=local
32 | CN=Schema Admins,CN=Users,DC=100security,DC=local
33 | CN=Domain Controllers,CN=Users,DC=100security,DC=local
34 | CN=krbtgt,CN=Users,DC=100security,DC=local
35 | |
Distributed COM Users | | |
DnsAdmins | | |
DnsUpdateProxy | | |
Domain Admins | CN=Denied RODC Password Replication Group,CN=Users,DC=100security,DC=local
36 | CN=Administrators,CN=Builtin,DC=100security,DC=local
37 | | CN=Marcos Henrique,CN=Users,DC=100security,DC=local
38 | CN=Administrator,CN=Users,DC=100security,DC=local
39 | |
Domain Computers | | |
Domain Controllers | CN=Denied RODC Password Replication Group,CN=Users,DC=100security,DC=local
40 | | |
Domain Guests | CN=Guests,CN=Builtin,DC=100security,DC=local
41 | | |
Domain Users | CN=Users,CN=Builtin,DC=100security,DC=local
42 | | |
Enterprise Admins | CN=Denied RODC Password Replication Group,CN=Users,DC=100security,DC=local
43 | CN=Administrators,CN=Builtin,DC=100security,DC=local
44 | | CN=Administrator,CN=Users,DC=100security,DC=local
45 | |
Enterprise Read-only Domain Controllers | | |
Event Log Readers | | |
Group Policy Creator Owners | CN=Denied RODC Password Replication Group,CN=Users,DC=100security,DC=local
46 | | CN=Administrator,CN=Users,DC=100security,DC=local
47 | |
Guests | | CN=Domain Guests,CN=Users,DC=100security,DC=local
48 | CN=Guest,CN=Users,DC=100security,DC=local
49 | |
Hyper-V Administrators | | |
IIS_IUSRS | | CN=S-1-5-17,CN=ForeignSecurityPrincipals,DC=100security,DC=local
50 | |
Incoming Forest Trust Builders | | |
Network Configuration Operators | | |
Performance Log Users | | |
Performance Monitor Users | | |
Pre-Windows 2000 Compatible Access | | CN=S-1-5-11,CN=ForeignSecurityPrincipals,DC=100security,DC=local
51 | |
Print Operators | | |
RAS and IAS Servers | | |
RDS Endpoint Servers | | |
RDS Management Servers | | |
RDS Remote Access Servers | | |
Read-only Domain Controllers | CN=Denied RODC Password Replication Group,CN=Users,DC=100security,DC=local
52 | | |
Remote Desktop Users | | |
Remote Management Users | | |
Replicator | | |
Schema Admins | CN=Denied RODC Password Replication Group,CN=Users,DC=100security,DC=local
53 | | CN=Administrator,CN=Users,DC=100security,DC=local
54 | |
Server Operators | | |
Terminal Server License Servers | | |
Users | | CN=Domain Users,CN=Users,DC=100security,DC=local
55 | CN=S-1-5-11,CN=ForeignSecurityPrincipals,DC=100security,DC=local
56 | CN=S-1-5-4,CN=ForeignSecurityPrincipals,DC=100security,DC=local
57 | CN=Administrator,CN=Users,DC=100security,DC=local
58 | |
Windows Authorization Access Group | | CN=S-1-5-9,CN=ForeignSecurityPrincipals,DC=100security,DC=local
59 | |
WinRMRemoteWMIUsers__ | | |
60 |