AD Pro Toolkit User Guide

Active Directory Tools > Local Admin Report

Local Administrators Report Tool

Do you know which users have local administrator rights on their devices?

The local Admin Report Tool will scan remote computers and report accounts that are a member of the local administrator’s group. This tool makes it easy to report which users have local administrator rights on their devices.

Download Free Trial

Features:

  • Find who has local administrator rights
  • Scan all local groups
  • Export to CSV, Excel or PDF
  • Fast and easy to use
  • Optionally get nested group members from the local admin group

Requirements:

  • WMI needs to be allowed inbound. If you have the Windows firewall enabled see Firewall docs for the GPO firewall settings to enable WMI.
  • You will need administrator rights on the remote computers.

How to Use the Local Administrators Report Tool

Step 1. Click on “Local Admin Report” from the management tools page.

Step 2. Click Run.

The default search option is the entire domain, click Run to start the scan. To select an OU or group click browse.

The report includes the following columns.

  • Computer = The remote computer hostname.
  • Group Name = The name of the local group.
  • Member Name = The name of the user or group that is a member of the group.
  • Object Class = The members object class.
  • Principal Source = This indicates if the member is a domain object or local object.
  • Status = Computer status.

Report Example.

In the above example, the server SRV09 has the following accounts as a member of the local administrator’s group.

  • Administrator (local user object)
  • Domain Admins (domain group)
  • it_wrk_admins (domain group)

Scan Computers in a Specific OU or Group

To scan computers in a specific OU or group click the browse button.

Now when you run the tool it will only scan the computers from the selected OUs or groups.

Scan Computers from a CSV list.

To scan a list of specific computers you can use a CSV file.

1. Download the CSV template.

2. Enter each computer name in the CSV file.

3. Select your CSV file and click run.

Scan All Local Groups

By default, the tool will only get members from the local administrator group.

To get all groups click the “Show All groups” box.

When you run the tool it will now include all local groups.

Included Nested Group Membership

By default, the tool will get direct members only. To show members of groups click “Include nested groups”

Here is a before screenshot (no nested groups).

Here is a screenshot after enabling “Include nested groups”.

The report now includes all the members of the “it_wrk_admins” group.

Schedule Scans (Automated Reports)

The local admin report tool can be run on an automated schedule with email reports.

1. Click on Scheduler

Note: If you want automated email reports you will first need to configure the email settings.

2. Click on Add and select “Local Admins Report”.

Click Next and complete the steps to create a task.

Other features

Below are additional features included in the AD Pro Toolkit.

AD ACL Scanner

Audit Active Directory delegated permissions.

AD Cleanup Tool

Find inactive users and computer accounts in Active Directory. Cleanup and secure your AD domain.

Bulk User Update Tool

Bulk update user account attributes. Easily make mass changes to multiple user accounts at once.

NTFS Permissions Report

Scan and audit the NTFS permissions on local and shared folders.

Local Admin Report

Scan remote computers and find users that have local administrator rights on their devices.