Shadow admins might not wear capes—but they can bring down your Active Directory if left unchecked. In this episode of Directory Insights in 10 Minutes, Craig Birch takes a sharp dive into AD delegations that slip through the cracks—commonly misconfigured permissions that give users dangerous access without being in official admin groups.
You'll learn:
What shadow admins are and why they’re so often missed
Key permissions that signal elevated access risk
Where to look inside your AD to find hidden privilege paths
PowerShell tools and techniques to surface these threats
Practical next steps to verify and remediate access
Whether you're managing AD or auditing security posture, this is the 10-minute hit you need to guard your directory from internal elevation risks.
Episode Highlights:
(00:00) Introduction to shadow admins and delegated permissions
(01:15) Deep dive into risky permissions: GenericAll, WriteOwner, ReplicateDirectoryChanges
(03:42) Where to find shadow admins: domain root, Domain Controllers OU, Sync OUs
(06:05) PowerShell tools to uncover hidden delegations
(07:30) Tips for reviewing and remediating shadow admin rights
(09:00) Final thoughts: stay vigilant, stay guarded
📌 Show Notes (YouTube / Podcast Website)
Las Culturistas with Matt Rogers and Bowen Yang
Ding dong! Join your culture consultants, Matt Rogers and Bowen Yang, on an unforgettable journey into the beating heart of CULTURE. Alongside sizzling special guests, they GET INTO the hottest pop-culture moments of the day and the formative cultural experiences that turned them into Culturistas. Produced by the Big Money Players Network and iHeartRadio.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
24/7 News: The Latest
The latest news in 4 minutes updated every hour, every day.