Penetration Testing mailing list archives
Re: How to get the list of domain admins
From: pand0ra <pand0ra.usa () gmail com>
Date: Fri, 25 Jul 2008 13:56:03 -0600
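Here is a .vbs script you can use to find all of that. It will dump the info to a .csv file.

Option Explicit

' Audits membership of the privileged groups of one domain through the ADSI
' WinNT provider and writes one section per group to OUTPUT_FILE_NAME.
' The output names every privileged account found, so keep the file somewhere
' with restricted access.

Const DOMAIN_NAME = "<insert domain>"
Const OUTPUT_FILE_NAME = "Groups.csv"
Const DELIMITER = ","
Const RULE_SHORT = "------------------------------------------"
Const RULE_LONG = "----------------------------------------------------------------------------------------------------------------"

Dim arrGroups, strGroup, strGroupDN, strLabel, lngErr, strErr
Dim intCounter, intErrors, objFileOutput, objFSO, objVisited

' Groups to report on. "Domain Admins" is spelled out correctly here; a
' misspelled name cannot be bound and the group would be missing from the report.
' "Server Operators" is listed once.
arrGroups = Array("Administrators", "Enterprise Admins", "Schema Admins", _
                  "Domain Admins", "Server Operators", "Account Operators", _
                  "Backup Operators", "Enterprise Server Operators", _
                  "ENT Server Operators", "DNSAdmins")

' Turns an ADsPath such as WinNT://DOMAIN/name into DOMAIN\name.
' Mid(..., 9) skips the eight characters of "WinNT://".
Function AccountName(strADsPath)
    AccountName = Replace(Mid(strADsPath, 9), "/", "\")
End Function

' Returns varValue as a quoted CSV field. Embedded quotes are doubled so that
' commas or quotes in a full name or description cannot shift columns.
' A value starting with = + - @, tab or CR gets a leading apostrophe so that a
' spreadsheet shows it as text instead of evaluating it as a formula
' (directory descriptions are free text that other people can edit).
Function CsvField(varValue)
    Dim strValue
    strValue = CStr(varValue & "")          ' & "" also turns Null into ""
    If Len(strValue) > 0 Then
        If InStr(1, "=+-@" & vbTab & vbCr, Left(strValue, 1), vbBinaryCompare) > 0 Then
            strValue = "'" & strValue
        End If
    End If
    CsvField = """" & Replace(strValue, """", """""") & """"
End Function

' Writes a row that records a failed lookup, so that a group that could not be
' read is not mistaken for a group with no members.
Sub WriteErrorRow(strAccount, strGroupName, lngNumber, strDescription)
    objFileOutput.WriteLine CsvField(strAccount) & DELIMITER & CsvField("") & DELIMITER & _
        CsvField("LOOKUP FAILED (0x" & Hex(lngNumber) & ") " & strDescription) & DELIMITER & _
        CsvField(strGroupName)
    intErrors = intErrors + 1
End Sub

' Writes one row per member of the group at strDN, labelled with strGroupName.
' Nested groups are walked recursively and their members are labelled with the
' nested group's own name. Rows have four columns in every case.
Sub EnumGroups(strDN, strGroupName)
    Dim objGroup, objMember, strKey, strFullName, strDescription
    Dim lngBindErr, strBindErr

    ' A group nested inside itself, directly or through other groups, would
    ' otherwise recurse until the script runs out of stack.
    strKey = LCase(strDN)
    If objVisited.Exists(strKey) Then Exit Sub
    objVisited.Add strKey, True

    ' Bind to the group. Error trapping is limited to this one call and the
    ' failure is written to the report instead of being discarded.
    On Error Resume Next
    Set objGroup = GetObject(strDN)
    lngBindErr = Err.Number
    strBindErr = Err.Description
    On Error GoTo 0
    If lngBindErr <> 0 Then
        WriteErrorRow AccountName(strDN), strGroupName, lngBindErr, strBindErr
        Exit Sub
    End If

    For Each objMember In objGroup.Members
        Select Case objMember.Class
            Case "User"
                ' Optional attributes may be unreadable on some accounts;
                ' leave the column empty rather than dropping the member.
                strFullName = ""
                strDescription = ""
                On Error Resume Next
                strFullName = objMember.FullName
                strDescription = objMember.Description
                On Error GoTo 0
                objFileOutput.WriteLine CsvField(AccountName(objMember.ADsPath)) & DELIMITER & _
                    CsvField(strFullName) & DELIMITER & CsvField(strDescription) & DELIMITER & _
                    CsvField(strGroupName)
                intCounter = intCounter + 1
            Case "Group"
                EnumGroups objMember.ADsPath, AccountName(objMember.ADsPath)
            Case Else
                ' Anything that is neither a user nor a group: name and group only.
                objFileOutput.WriteLine CsvField(AccountName(objMember.ADsPath)) & DELIMITER & _
                    CsvField("") & DELIMITER & CsvField("") & DELIMITER & CsvField(strGroupName)
                intCounter = intCounter + 1
        End Select
    Next
End Sub

Set objFSO = WScript.CreateObject("Scripting.FileSystemObject")
Set objVisited = WScript.CreateObject("Scripting.Dictionary")

' The report is opened once and closed once. Re-creating the same file for
' every group while the previous handle is still open either fails or discards
' the sections already written.
Set objFileOutput = objFSO.CreateTextFile(OUTPUT_FILE_NAME, True)
intCounter = 0
intErrors = 0

For Each strGroup In arrGroups
    strGroupDN = "WinNT://" & DOMAIN_NAME & "/" & strGroup
    strLabel = AccountName(strGroupDN)

    objFileOutput.WriteLine strLabel & vbCrLf & RULE_SHORT & vbCrLf & _
        "UserName" & DELIMITER & "FullName" & DELIMITER & "Description" & DELIMITER & "Group Name" & vbCrLf & _
        RULE_LONG

    ' Cycle tracking is per top-level group, so a nested group that belongs to
    ' two of the listed groups is reported under both.
    objVisited.RemoveAll

    ' An error raised while enumerating members ends this group only; it is
    ' recorded in the report and the remaining groups are still processed.
    On Error Resume Next
    EnumGroups strGroupDN, strLabel
    lngErr = Err.Number
    strErr = Err.Description
    On Error GoTo 0
    If lngErr <> 0 Then
        WriteErrorRow strLabel, strLabel, lngErr, strErr
    End If

    objFileOutput.WriteLine        ' blank line between sections
Next

objFileOutput.Close

MsgBox "Completed enumerating users." & vbCrLf & _
       "Rows written: " & intCounter & vbCrLf & _
       "Lookups that failed: " & intErrors, vbInformation, "Execution completed"
'end

On Thu, Jul 17, 2008 at 11:22 PM, Shankar Arjunan <shankar.arjunan () gmail com> wrote: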
Hi all, Can anyone tell me how to get list of users who are having domain admin rights in a domain. I vaguely remember using it through command line utility net use or net localgroup .. Thanks in advance Shankar ------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Get 45 Min Video and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------