I manage about 900 machines at work. I am trying to scan my Active Directory list for accounts where the domain admin account is missing from the local admin group. By default, users joining the domain will get the domain admin account added to the local admin group. Is there a program that can scan my AD list and report back the machines that I can/can not access?