{"id":4586,"date":"2025-09-17T20:03:00","date_gmt":"2025-09-18T00:03:00","guid":{"rendered":"https:\/\/adsecurity.org\/?p=4586"},"modified":"2025-09-15T11:12:21","modified_gmt":"2025-09-15T15:12:21","slug":"active-directory-security-tip-5-the-default-domain-administrator-account","status":"publish","type":"post","link":"https:\/\/adsecurity.org\/?p=4586","title":{"rendered":"Active Directory Security Tip #5: The Default Domain Administrator Account"},"content":{"rendered":"\n<p>In every Active Directory domain, there&#8217;s the default domain Administrator account. <br>Here are some key items to check:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Do you know when the last time the Administrator account was used (logged into)? <\/li>\n\n\n\n<li>The last time its password was changed? Is it current?<\/li>\n\n\n\n<li>How the password is managed and stored? <\/li>\n\n\n\n<li>Does it have an associated Kerberos Service Principal Name (SPN)? (it shouldn&#8217;t) <\/li>\n\n\n\n<li>Is it enabled? (it&#8217;s probably fine if it is)<\/li>\n<\/ul>\n\n\n\n<p><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"680\" height=\"239\" src=\"https:\/\/adsecurity.org\/wp-content\/uploads\/2025\/09\/Gva7TGYWUAA60cl.png\" alt=\"\" class=\"wp-image-4587\" srcset=\"https:\/\/adsecurity.org\/wp-content\/uploads\/2025\/09\/Gva7TGYWUAA60cl.png 680w, https:\/\/adsecurity.org\/wp-content\/uploads\/2025\/09\/Gva7TGYWUAA60cl-300x105.png 300w\" sizes=\"auto, (max-width: 680px) 100vw, 680px\" \/><\/figure>\n\n\n\n<p><br><strong>PowerShell for current domain using the AD PowerShell cmdlets: <\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>$Domain = $env:userdnsdomain\n$DomainDC = (Get-ADDomainController -Discover -DomainName $Domain).Name\nGet-ADUser \"$((Get-ADDomain).DomainSID)-500\" -Properties Name,Enabled,Created,PasswordLastSet,LastLogonDate,ServicePrincipalName,SID -Server $DomainDC<\/code><\/pre>\n\n\n\n<p><br><\/p>\n","protected":false},"excerpt":{"rendered":"<p>In every Active Directory domain, there&#8217;s the default domain Administrator account. Here are some key items to check: PowerShell for current domain using the AD PowerShell cmdlets:<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[565,7,2],"tags":[1469,1473],"class_list":["post-4586","post","type-post","status-publish","format-standard","hentry","category-activedirectorysecurity","category-powershell","category-technical-reference","tag-activedirectorysecuritytip","tag-defaultdomainadministratoraccount","item-wrap"],"_links":{"self":[{"href":"https:\/\/adsecurity.org\/index.php?rest_route=\/wp\/v2\/posts\/4586","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/adsecurity.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/adsecurity.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/adsecurity.org\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/adsecurity.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4586"}],"version-history":[{"count":4,"href":"https:\/\/adsecurity.org\/index.php?rest_route=\/wp\/v2\/posts\/4586\/revisions"}],"predecessor-version":[{"id":4643,"href":"https:\/\/adsecurity.org\/index.php?rest_route=\/wp\/v2\/posts\/4586\/revisions\/4643"}],"wp:attachment":[{"href":"https:\/\/adsecurity.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4586"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/adsecurity.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4586"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/adsecurity.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4586"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}