|
I've just implemented an audit tool to check all our NT 4.0 domains (there are a lot!) for compliance with our policies and procedures.
The tool also highlights exceptions like accounts not used for 90 day, and users who are members of admin groups.
The problem is that the WinNT provider which I'm using only returns the group names, which is fine for English language installations where the names have not been changed.
I'd like to determine (for each domain) the native group names for Administrators and Domain Admins groups. The ID (UUID? GUID?) should remain constant so should get me to the information if I can find a way of retrieving it.
At the moment the tool does not require elevated privilege and I'd prefer to keep it that way if possible.
I'm trying to stick to the WinNT: provider as the lowest common denominator, as the domains in question are not under my direct control and I don't know what's out there.
| 
