Closed rebelinux closed 3 months ago
Add healthcheck condition to check
Groups with AdminCount set to 1 (non-defaults)
$excludedGroups = @( 'Administrators', 'DNSAdmins', 'Domain Admins', 'Enterprise Admins', 'Print Operators', 'Backup Operators', 'Replicator', 'krbtgt', 'Domain Controllers', 'Schema Admins', 'Server Operators', 'Cert Publishers', 'Account Operators', 'Read-Only Domain Controllers', 'Enterprise Read-Only Domain Controllers', 'Group Policy Creator Owners', 'Key Admins', 'Enterprise Key Admins' ) Get-ADGroup -Filter "admincount -eq '1'" | Where-Object {$_.samaccountname -notin $excludedGroups } DistinguishedName : CN=SCCM-GMSA,CN=Users,DC=acad,DC=pharmax,DC=local GroupCategory : Security GroupScope : Global Name : SCCM-GMSA ObjectClass : group ObjectGUID : 7b9b2fea-c08e-4d0d-a71d-182d0698e493 SamAccountName : SCCM-GMSA SID : S-1-5-21-370360276-377477351-3184454278-1104
No response
Description
Add healthcheck condition to check
Groups with AdminCount set to 1 (non-defaults)
Additional Context
No response
Before submitting