Active_Directory_Scripts icon indicating copy to clipboard operation
Active_Directory_Scripts copied to clipboard

Published 20 hours ago verified publisher icon chadmcox

ADROOT Account Found

Open MidwestAdmin opened this issue 7 years ago • 1 comments

What is the ADROOT account living in RootDSE? This powershell script was able to find it but when I browse RootDSE using ADSI Edit I can't see it but I can find it and manipulate it when running powershell through ISE when debugging. I can't find any documentation on the existence of this account but it was privileged at one time because the script finds it and resets it's AdminCount flag. Why does this script find it and since it reset the flag on it should I be concerned?

adroot

MidwestAdmin avatar Jul 23 '18 14:07 MidwestAdmin

that's not very clear. the adroot is the name of the psprovider being mapped. in this case looks like only one group was found

chadmcox avatar Aug 29 '18 15:08 chadmcox