This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Lansweeper Community
- Forums
- Reports & Analytics
- Privileged AD Users in Local Groups Report
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-13-2023 06:05 AM
I decided to analyze AD users for administrative rights on local machines and wrote this query with 3 levels membership:
Select Top 1000000 tblassets.AssetID,
tblassets.Domain,
tblassets.AssetName,
tblUsersInGroup.Groupname As local_adm_group_name,
tblUsersInGroup.Domainname As local_membership_domain,
tblUsersInGroup.Username As local_membership_object_name,
tblADObjects1.domain As Down_L1_Domain,
tblADObjects1.sAMAccountName As Down_L1_Object_name,
tblADObjects2.domain As Down_L2_Domain,
tblADObjects2.sAMAccountName As Down_L2_Object_name,
tblADObjects3.domain As Down_L3_Domain,
tblADObjects3.sAMAccountName As Down_L3_Object_name
From tblassets
Inner Join tblUsersInGroup On tblassets.AssetID = tblUsersInGroup.AssetID And
tblUsersInGroup.admingroup = 1 And tblUsersInGroup.Username Not In
('Domain Admins', 'Administrator')
Left Join tblADObjects On tblUsersInGroup.Domainname = tblADObjects.domain And
tblUsersInGroup.Username = tblADObjects.sAMAccountName
Left Join tblADMembership On tblADObjects.ADObjectID =
tblADMembership.ParentAdObjectID
Left Join tblADObjects tblADObjects1 On tblADObjects1.ADObjectID =
tblADMembership.ChildAdObjectID
Left Join tblADMembership tblADMembership1 On tblADObjects1.ADObjectID =
tblADMembership1.ParentAdObjectID
Left Join tblADObjects tblADObjects2 On tblADMembership1.ChildAdObjectID =
tblADObjects2.ADObjectID
Left Join tblADMembership tblADMembership2 On tblADObjects2.ADObjectID =
tblADMembership2.ParentAdObjectID
Left Join tblADObjects tblADObjects3 On tblADMembership2.ChildAdObjectID =
tblADObjects3.ADObjectID
Order By Down_L3_Domain Desc,
Down_L2_Domain Desc,
Down_L1_Domain Desc,
local_membership_domain Desc,
tblassets.assetname Desc
*You can filter your standard accounts and groups by edit list
Not In ('Domain Admins', 'Administrator')
Labels:
- Labels:
-
Finished Reports
0 REPLIES 0
New to Lansweeper?
Try Lansweeper For Free
Experience Lansweeper with your own data. Sign up now for a 14-day free trial.
Try Now
Related Content
- When I search a user, I'd like LS to show Airwatch asset information as well. in Reports & Analytics
- Report - AD Users in both groups in Reports & Analytics
- Custom Report - Exclude certain asset groups in Reports & Analytics
- Report: Need Last User login from specific Security Group in Product Discussions
- Active Directory Security Group including other security groups in Reports & Analytics
