Phone Get Quote
US: +1 888 720 9500
US: +1 888 791 1189
Intl: +1 925 924 9500
Aus: +1 800 631 268
UK: 0800 028 6590
CN: +86 400 660 8680

Direct Inward Dialing: +1 408 916 9892

How to Get Privileged Accounts Using Powershell And ADAudit Plus

Keeping track of privileged users' activities is necessary to protect critical assets and fulfill compliance requirements. By identifying and monitoring privileged accounts, IT administrators can mitigate external cyberattacks as well as insider threats such as privilege misuse.

The following is a comparison between the procedures for identifying privileged accounts with Windows PowerShell and ADAudit Plus:


Steps to get privileged accounts using PowerShell:

  • Define the domain from which you want to retrieve the report.
  • Find the LDAP attributes you need to fetch the report.
  • Identify the primary DC to retrieve the report.
  • Compile the script.
  • Execute it in Windows PowerShell
  • The report will be exported in the specified format.
  • To obtain the report in a different format, modify the script accordingly.

Sample Windows PowerShell script

The following cmdlet returns a list of high-privileged accounts that are authenticated by RODC but not revealed in html format.

Get-ADDomainController -Filter {IsReadOnly -eq $True} | Get-ADRodcAuthenticatedNotRevealed |  -ReportType HTML | Out-File -FilePath C:\PrivilegedAccountReports\Report1.html
Click to copy entire script

(Mention the location where report needs to be saved)

ADAudit Plus

To obtain the report,

  • Navigate to Reports -> Account Management -> Administrative User Actions.
  • Select the required 'Domain' from the drop down option on the top right corner.
  • Select 'Export as' to export the report in any of the preferred formats (CSV, PDF, HTML, and XLS).

Following are the limitations to obtain report of privileged users using native tools like Windows PowerShell:

  • We can run this script only from the computers which have Active Directory Domain Services role.
  • In order to export the report in other formats, the script needs to be modified each time.
  • Applying more filters will increase the LDAP query complexity.
  • Comprehending numerous logs to monitor privileged user actions can be cumbersome.

ADAudit Plus will automatically scan all DCs in the domain to retrieve information about privileged users, generate the report and present it in a simple and intuitively designed UI.

  • Avoid complex PowerShell-scripting, and simplify AD change auditing with ADAudit Plus.
  • Avoid complex PowerShell-scripting, and simplify AD change auditing with ADAudit Plus.
  • By clicking 'Get Your Free Trial', you agree to processing of personal data according to the Privacy Policy.
  • Thanks!
  • Your download is in progress and it will be completed in just a few seconds! If you face any issues, download manually here.

Related Resources

ADAudit Plus Trusted By