FindandFixADObjectswithStaleAdminSDHolder.ps1 ignores recursive nested admin groups leading to invalid results

[mcdonamw]

It seems FindandFixADObjectswithStaleAdminSDHolder.ps1 only identifies the default set of admin groups and ignores recursive groups that are nested within. As a result, the resulting output file for valid privileged members is missing users that are members of said nested groups. I noticed this when users I know to be members of nested groups within the admin groups were missing from the default report.

With that said, when determining orphaned users, it appears you are querying recursively (get-adgroup -recursivematch), so the orphaned results seems fine.