Local Admins - Users Only

I have the following analysis that gets me all members of local admins in my domain. How can I adjust this so that the result does not include any groups? In other words, I just need any users that are in the local admins group.

Furthermore, I’d like to exclude a couple of user IDs from the result. Many of the servers in my domain have a local admin named “localgod” or “super” - how can I exclude these from the result as well?

(name of it, (if (number of members of it > 0) then (concatenations "%0A%0D" of (members of it as string)) else ("No Members"))) of local groups

This should do it, it’s a variation on one I’ve used before.

q: (sids whose (exists user of it and following text of last "-" of component string of it != "500" ) of members of local group it) of "Administrators"
A: MYCOMPUTER\second-admin-account
A: MYDOMAIN\my-name

The check on the component string of sid excludes the SID ending with “-500”, which is the built-in Administrator account; so it doesn’t matter whether it has been renamed, this result excludes the built-in Administrator.

I see where this would work, but I don’t see where my two custom IDs are excluded?

That part is left as homework 🙂

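An added example, not part of the thread and not BigFix relevance: the three filters discussed above (users only, no SID ending in "-500", no excluded names) modelled in Python over constructed member records. The `Member` record, the SID values and the choice to apply the name exclusions to local accounts only are assumptions made for the illustration.

```python
from dataclasses import dataclass

BUILTIN_ADMIN_RID = "500"               # last SID component of the built-in Administrator
EXCLUDED_LOCAL = {"localgod", "super"}  # local account names from the question

@dataclass(frozen=True)
class Member:                 # hypothetical record, one per group member
    account: str              # "SCOPE\name", as in the session output above
    sid: str                  # SID component string
    is_user: bool             # False for groups

def last_component(sid: str) -> str:
    """Text after the last '-' of the SID, the value the posted relevance compares."""
    head, sep, tail = sid.rpartition("-")
    if not (head.startswith("S-") and sep and tail.isdigit()):
        raise ValueError(f"not a SID component string: {sid!r}")
    return tail

def reportable_admins(members, computer, excluded=EXCLUDED_LOCAL):
    """Accounts left after dropping groups, the -500 account and excluded local names."""
    kept = []
    for m in members:
        scope, _, name = m.account.rpartition("\\")
        if not m.is_user:
            continue          # groups are not wanted in the result
        if last_component(m.sid) == BUILTIN_ADMIN_RID:
            continue          # built-in Administrator, whatever it is called now
        if scope.lower() == computer.lower() and name.lower() in excluded:
            continue          # assumption: name exclusions apply to local accounts only
        kept.append(m.account)
    return kept

# Constructed sample data; the SID prefixes are made up.
LOCAL = "S-1-5-21-1111111111-2222222222-3333333333"
DOMAIN = "S-1-5-21-4444444444-5555555555-6666666666"
SAMPLE = [
    Member("MYCOMPUTER\\renamed-builtin", LOCAL + "-500", True),
    Member("MYCOMPUTER\\second-admin-account", LOCAL + "-1001", True),
    Member("MYCOMPUTER\\localgod", LOCAL + "-1002", True),
    Member("MYCOMPUTER\\Super", LOCAL + "-1003", True),
    Member("MYDOMAIN\\Domain Admins", DOMAIN + "-512", False),
    Member("MYDOMAIN\\my-name", DOMAIN + "-1104", True),
    Member("MYDOMAIN\\super", DOMAIN + "-1105", True),
]

if __name__ == "__main__":
    print("\n".join(reportable_admins(SAMPLE, "MYCOMPUTER")))
```

The SID test survives a rename of the built-in account, while the name test does not, so a domain account that happens to be called "super" is still reported here.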