Users who have AdminCount=1 are not necessarily domain admins (DA).
```python
def GetDomainAdmin(self)->None:
    printTitle("[-] Users who are Domain Admin")

    OBJECT_TO_SEARCH = '(&(objectCategory=user)(adminCount=1))'
```
So this section should probably be renamed Privileged domain accounts.
The following table lists Active Directory’s default protected object sets, including the groups that may induce an update of the AdminCount attribute on its members:

It would be nice to do another query to find DA only. You can filter the DA group with `(&(objectclass=group)(CN=Domain Admins))` and then get all users `(&(objectclass=user)(MemberOf=$($_.DistinguishedName)))` from that group.
Ref.
ADenum/ADenum.py, lines 279 to 282 in fbbe14d
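The two-step lookup suggested in this issue, sketched as an added example (not ADenum's code and not part of the original post): it builds the member filter from the group's DN with RFC 4515 escaping and separates Domain Admins from accounts that merely carry `adminCount=1`. The function names, the `example.com` DN and the sample entries are constructed for illustration; the optional nested-group matching rule goes beyond what the post asks for.

```python
# Added example. All entries below are constructed sample data.
IN_CHAIN = '1.2.840.113556.1.4.1941'  # LDAP_MATCHING_RULE_IN_CHAIN (nested groups)

def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return ''.join('\\%02x' % ord(c) if c in '\\*()\x00' else c for c in value)

def da_group_filter() -> str:
    """Step 1: locate the Domain Admins group to read its distinguishedName."""
    return '(&(objectClass=group)(cn=Domain Admins))'

def da_members_filter(group_dn: str, nested: bool = False) -> str:
    """Step 2: users whose memberOf is the group's DN (direct members by default)."""
    rule = f':{IN_CHAIN}:' if nested else ''
    return f'(&(objectClass=user)(memberOf{rule}={escape_filter_value(group_dn)}))'

def split_privileged(users, group_dn):
    """Return (domain_admins, admincount_only) as lists of sAMAccountName."""
    domain_admins, admincount_only = [], []
    wanted = group_dn.lower()
    for user in users:
        groups = [g.lower() for g in user.get('memberOf', [])]
        if wanted in groups:
            domain_admins.append(user['sAMAccountName'])
        elif user.get('adminCount') == 1:
            admincount_only.append(user['sAMAccountName'])
    return domain_admins, admincount_only

GROUP_DN = 'CN=Domain Admins,CN=Users,DC=example,DC=com'  # hypothetical DN
USERS = [  # hypothetical search results
    {'sAMAccountName': 'alice', 'adminCount': 1, 'memberOf': [GROUP_DN]},
    {'sAMAccountName': 'bob', 'adminCount': 1,
     'memberOf': ['CN=Backup Operators,CN=Builtin,DC=example,DC=com']},
    {'sAMAccountName': 'carol', 'memberOf': []},
    # adminCount is not cleared when an account leaves a protected group
    {'sAMAccountName': 'dave', 'adminCount': 1, 'memberOf': []},
]

if __name__ == '__main__':
    print(da_group_filter())
    print(da_members_filter(GROUP_DN))
    print(split_privileged(USERS, GROUP_DN))
```

The plain `memberOf` filter only matches direct members, so pass `nested=True` when Domain Admins membership may come through another group.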