PowerShellers...
We've recently discovered one of our ex-Domain Admins has went in and explicitly granted himself "Full Control" to certain high-level users. We have thousands of users in our domain, so right-clicking each user and viewing the ACL/ACE isn't an option.
Is there a way using PowerShell that we can identify what user objects this person has gave himself "Full Control" too?
Admit tingly, I tried a few things with "Get-ACL", but I didn't get very far.
Regards,
T