Skip to content

AAFC-Cloud/admin-account-audit

BranchesTags

Repository files navigation

🛡️Admin Account Audit🛡️


Voir la version française

Description

Admin Account Audit is a Rust CLI tool to audit Azure role assignments and group ownerships, focusing on identifying non-admin users who have been granted elevated permissions or own security groups. The tool fetches all role assignments, users, and groups, and outputs a JSON report listing non-admin users with direct or group-based role assignments, as well as non-admin group owners.

  • Designed for Azure environments
  • Outputs results as a JSON file
  • Helps organizations identify potential privilege escalations

Installation

Windows:

  1. Download the latest Windows binary from the releases page.
  2. Unzip and place admin_account_audit.exe somewhere in your PATH.

Other operating systems:

Currently, only Windows binaries are provided. However, you can build from source on Linux or macOS using Rust and Cargo:

git clone https://github.com/AAFC-Cloud/admin-account-audit.git
cd admin-account-audit
cargo build --release

The resulting binary will be in target/release/.

Usage

admin_account_audit <output_path> [--overwrite-existing]
  • <output_path>: Path to write the JSON results.
  • --overwrite-existing: Overwrite the output file if it already exists.

Example

admin_account_audit output.json --overwrite-existing

Copyright

Copyright belongs to © His Majesty the King in Right of Canada, as represented by the Minister of Agriculture and Agri-Food, 2025.

About

Find non-admin accounts that have access that should be done with admin accounts in the Azure Portal.

Resources

Readme

License

View license

Code of conduct

Code of conduct

Security policy

Security policy
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases 1

v0.1.0 Latest
Jul 15, 2025

Packages

 
 
 

Contributors

Languages

Generated from AAFC-Cloud/Template