https://adsecurity.org/?p=873

Windows Computer Primary Group IDs

  • 515 – Domain Computers
  • 516 – Domain Controllers (writable)
  • 521 – Domain Controllers (Read-Only)

Domain Computers (Workstation & Servers – No Domain Controllers)

Import-Module ActiveDirectory

Get-ADComputer -Filter {PrimaryGroupID -eq 515}

Domain Controllers (All)

Import-Module ActiveDirectory

Get-ADComputer -Filter {PrimaryGroupID -ne 516}


Domain Controllers (RODCs only)

Import-Module ActiveDirectory

Get-ADComputer -Filter {PrimaryGroupID -eq 521}










저작자표시 비영리 변경금지

+ Recent posts

티스토리툴바