I decided to take two modules and crash them together to add some automation to some tasks that I seem to pick up often. I took the LSA Secrets module and the Domain Group Enum module and combined them into one module. I then added some additional comparison functions to inform me if any of the service accounts being used are part of the “Domain Admins” group. I have hard-coded the Domain Admins group rather than leave this as a variable; this can be easily changed, but I wanted it just to work while using run commands from a meterpreter session or while using Dark Operator's macro script to run over multiple sessions.
The code can be found here: lsa_enum_DA.rb
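The comparison step described above, written as an added example for auditing a service inventory. This is not the code in lsa_enum_DA.rb; the domain, host, service and account names are constructed, and it assumes a UPN prefix equals the account's sAMAccountName.

```ruby
# Added example: flag services whose logon account is in "Domain Admins".
# CORP, corp.example, SRV01 and all accounts below are constructed samples.
BUILTIN = %w[localsystem localservice networkservice].freeze

# Reduce a service logon name to a bare domain username, or nil when the
# account is built-in, local to the host, or from another realm.
def domain_user(logon, netbios:, dns:, host:)
  name = logon.to_s.strip.downcase
  return nil if name.empty? || BUILTIN.include?(name)

  if name.include?('\\')                       # REALM\user form
    realm, user = name.split('\\', 2)
    return nil if ['.', host.downcase, 'nt authority', 'nt service'].include?(realm)
    return [netbios.downcase, dns.downcase].include?(realm) ? user : nil
  end
  if name.include?('@')                        # user@dns.domain form
    user, realm = name.split('@', 2)           # assumes UPN prefix == sAMAccountName
    return realm == dns.downcase ? user : nil
  end
  nil # bare name without a realm is ambiguous, so it is not matched
end

# Map each service to :domain_admin, :domain_user or :not_domain.
def audit_services(services, domain_admins, **ctx)
  admins = domain_admins.map { |m| m.strip.downcase }
  services.map do |svc, logon|
    user = domain_user(logon, **ctx)
    status = if user.nil? then :not_domain
             elsif admins.include?(user) then :domain_admin
             else :domain_user
             end
    [svc, status]
  end.to_h
end

SAMPLE_ADMINS = ['Administrator', 'svc_backup', 'svc_sql'].freeze
SAMPLE_SERVICES = {
  'BackupAgent' => 'CORP\\svc_backup',
  'SQLAgent'    => 'svc_sql@corp.example',
  'LocalTask'   => '.\\svc_backup', # local account sharing a DA's name
  'Spooler'     => 'LocalSystem',
  'WebApp'      => 'CORP\\svc_web'
}.freeze
CTX = { netbios: 'CORP', dns: 'corp.example', host: 'SRV01' }.freeze

audit_services(SAMPLE_SERVICES, SAMPLE_ADMINS, **CTX).each do |svc, status|
  puts format('%-12s %s', svc, status)
end
```

Comparing on the bare username alone would flag `LocalTask`, which runs as a local account that only shares a name with a domain admin; resolving the realm first avoids that false positive.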
The following shows the module running against a server with 3 service accounts: one local admin and 2 domain admins. First the domain admins are reported for the domain, then for each service account a line informs the user whether the account is a domain admin or not.