Identifying Active Directory built-in groups

Identifying Active Directory built-in groups

An Active Directory (AD) environment will contain a set of groups by default when a domain is created. These groups are built-in groups, and they are located in the built-in container. The built-in groups can be used to control access to shared resources and administrative roles throughout the domain.
 
If you want to identify all the built-in groups in the AD domain, you can either use the ADUC console and navigate to the built-in container, or you can run a PowerShell script that will return the various groups. Here is the script that will display the group names and their details such as group scope, group category, and Security Identifiers:
 
  1. PS> Get-ADGroup -SearchBase 'CN=Builtin,DC=domain,DC=com' -Filter * |
  2. Format-Table Name,GroupScope,GroupCategory,SID