Get the list of members from domain admin group

Sreehari · May 27, 2025, 11:56am

Hi Team,

I am trying to get list of members from domain admins group from active directory. I able to get members from local groups with below relevance.

members of local group “administrators”

Can someone help me or direct me to get list of active directory domain admins group member list

JasonWalker · May 27, 2025, 1:57pm

Be very careful with whatever you do there - if you have every computer constantly retrieving the Domain Admins group, that can easily overwhelm your Domain Controllers.

I’ll look into this, but once we know how to query the members, this should only be run on one domain controller, not on every computer, and it should be done infrequently.

Sreehari · May 30, 2025, 7:35am

Hi @JasonWalker sorry to bother you.

did you get a chance to look in to this please

orbiton · May 30, 2025, 12:24pm

@Sreehari

The active directory inspectors on BigFix can provide Information about the user or computer on which the BigFix agent client is installed at.

If I understand you correctly, you want to query information from the Active Directory and Add that information to BigFix platform

I’ll would tackle that in the Following way:

Create a Task which will be run on the Domain Controller and would be run with a user who can make queries to the Active Directory - The actual Task will have a PowerShell Script which will make the query and will output the information into a File or Registry - The Action will run daily.
Create an Analysis which will be relevant for the Domain Controller who made the Query - and gather the content of the File or the Registry

Is that what you are trying to accomplish?