Limiting the number of local admin accounts is an important way to help limit the ways an attacker can pivot within your environment. But how can you find out where all the local admin accounts are? 4sysops has a great script over at https://4sysops.com/archives/create-a-list-of-local-administrators-with-powershell/#script-usage, but if you want to make it just a little bit more useful feed it a list of every computer in your ad to check against thusly, Get–LocalGroupMembers.ps1 –ComputerName (Get-ADComputer -Filter ‘*’ | Select -Expand Name) >> file.txt. Note: You will need to have the PowerShell AD module installed for this to work properly.This will query every machine online within your environment to see who has a local admin account on what box. You can also check the output to see which machines were not available to scan the first time, and include them in subsequent scans.