A file or a folder in a Windows server has the option of Effective Permissions or Effective Access where you can provide an user or a group and it will check what kind of permissions this user has.
Is there this option for the server Administrators? As it can contain groups, and nested groups, and nested and nested groups; I'd find it useful.
Run each of these commands one at a time in a PowerShell window on a domain controller of the domain the server in question is joined and you will get a list of all groups and users who are members of the local Administrators group for the server in question. The second command will list all direct members of the local administrators group. The third command will list all members of any domain groups present in the local administrators group (e.g., members of Domain Admins). Make sure you replace the <name of the server in question> part in the first command with the name of the server you want the list of administrators for, without the angle brackets.
$group = [ADSI]"WinNT://<name of server in question>/Administrators"
@($group.Invoke("Members")) | foreach {$_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)}
@($group.Invoke("Members")) | foreach {$_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)} | Get-ADGroupMember | ft
You will get errors from the third command because it will not be able to process all the objects handed to it (e.g., the local administrator account).
