When you add a user to a group (and the user re-logs on), the user acquires additional permissions and rights. That may be a good thing! Group membership enables the user to perform job-related duties. However, adding the user to the Enterprise Admins group, for example, provides that user with rights over most of your forest. A user who acquires the membership to such high privilege groups may not have benign intentions and could represent a serious risk. The report you generate using this recipe shows the privileged users and any changes that someone has made to the group membership.
Creating a privileged user report
Getting ready
You need a DC on which to run this report.
 
                                             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
             
     
         
                 
                 
                 
                 
                 
                 
                 
                 
                 
                 
                 
                 
                 
                 
                 
                 
                 
                 
                 
                 
                