Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

HealthCheck - Groups with AdminCount set to 1 #171

Closed
2 tasks done
rebelinux opened this issue Jun 9, 2024 · 0 comments · Fixed by #181
Closed
2 tasks done

HealthCheck - Groups with AdminCount set to 1 #171

rebelinux opened this issue Jun 9, 2024 · 0 comments · Fixed by #181
Assignees
@rebelinux
Labels
change request Request a new change or an improvement
Milestone
v0.8.2

Comments

@rebelinux
Copy link
Collaborator

rebelinux commented Jun 9, 2024
edited
Loading

Description

Add healthcheck condition to check

Groups with AdminCount set to 1 (non-defaults)

$excludedGroups = @(
	'Administrators',
	'DNSAdmins',
	'Domain Admins',
	'Enterprise Admins',
	'Print Operators',
	'Backup Operators',
	'Replicator',
	'krbtgt',
	'Domain Controllers',
	'Schema Admins',
	'Server Operators',
	'Cert Publishers',
	'Account Operators',
	'Read-Only Domain Controllers',
	'Enterprise Read-Only Domain Controllers',
	'Group Policy Creator Owners',
	'Key Admins',
	'Enterprise Key Admins'
)

Get-ADGroup -Filter "admincount -eq '1'" | Where-Object {$_.samaccountname -notin $excludedGroups }

DistinguishedName : CN=SCCM-GMSA,CN=Users,DC=acad,DC=pharmax,DC=local
GroupCategory     : Security
GroupScope        : Global
Name              : SCCM-GMSA
ObjectClass       : group
ObjectGUID        : 7b9b2fea-c08e-4d0d-a71d-182d0698e493
SamAccountName    : SCCM-GMSA
SID               : S-1-5-21-370360276-377477351-3184454278-1104

Additional Context

No response

Before submitting

  • I have read the documentation, and referred to the known issues before submitting this change request.
  • I have checked for previously opened & closed issues before submitting this change request.
@rebelinux rebelinux added the change request Request a new change or an improvement label Jun 9, 2024
@rebelinux rebelinux self-assigned this Jun 9, 2024
rebelinux added a commit to rebelinux/AsBuiltReport.Microsoft.AD that referenced this issue Jun 10, 2024
@rebelinux
Fix HealthCheck - Groups with AdminCount set to 1 AsBuiltReport#171
5818661
rebelinux added a commit to rebelinux/AsBuiltReport.Microsoft.AD that referenced this issue Jun 10, 2024
@rebelinux
Fix HealthCheck - Groups with AdminCount set to 1 AsBuiltReport#171
8d22b0d
@rebelinux rebelinux reopened this Jun 13, 2024
@rebelinux rebelinux mentioned this issue Jun 13, 2024
Merged
7 tasks
@rebelinux rebelinux added this to the v0.8.2 milestone Jun 14, 2024
@rebelinux rebelinux mentioned this issue Jun 15, 2024
Merged
7 tasks
@rebelinux rebelinux mentioned this issue Jun 15, 2024
Merged
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rebelinux rebelinux

Labels
change request Request a new change or an improvement
Projects
None yet
Milestone
v0.8.2
Development

Successfully merging a pull request may close this issue.

v0.8.2 rebelinux/AsBuiltReport.Microsoft.AD
1 participant
@rebelinux