locked
Scanning active directory and check for local admin - *New to scripting* RRS feed

 > 

  • General discussion

  • Discussion
    Sign in to vote
    0
    Sign in to vote

    Hi,

    I would like to import AD (active directory) into a text file. Once that is done, i want to use a script to check for local admin. I'm very new to scripting and could use some help. Here is what i have so far:

    Get-ADComputer -Filter *All computer objects:
    Get-ADComputer -Filter *

    ###################################

    Save ADComputer name to file. Saveing to a excel file would be great. But a txt will work as well.   

    ###################################

    $server = Read-Host "What is the server name?"
    $computer = [ADSI](”WinNT://” + $server + “,computer”)
    $Group = $computer.psbase.children.find(”Administrators”)
    $members = ($Group.psbase.invoke(”Members”) | %{$_.GetType().InvokeMember(”Adspath”, ‘GetProperty’, $null, $_, $null)}) -replace ('WinNT://DOMAIN/' + $server + '/'), '' -replace ('WinNT://DOMAIN/', 'DOMAIN\') -replace ('WinNT://', '')
    $members 

    ###################################

    Save scanned AD Computer and user to file. Saveing to a excel file would be great. But a txt will work as well.   


    ###################################

    Tuesday, December 26, 2017 9:30 PM

All replies

  • Discussion
    Sign in to vote
    0
    Sign in to vote

    A script similar to below outputs the computer names and direct members of the local Administrators groups to a comma delimited file, which can be read by Excel:

    # Retrieve all computer objects.
$Computers = Get-ADComputers -Filter *

# Define an array.
$obj = @()

#Enumerate computers.
ForEach ($Computer In $Computers)
{
    $ComputerName = $Computer.Name
    # Retrieve the local Administrators group.
    $Group = [ADSI]"WinNT://$ComputerName/Administrators,group"
    # Retrieve members of the group.
    $Members= $Group.psbase.invoke("Members")
    # Retrieve member names.
    $MemberNames = @()
    ForEach ($Member In $Members)
    {
        $MemberNames += $Member.GetType().InvokeMember("Name", 'GetProperty', $Null, $Member, $Null)
    }
    $obj += New-Object -Type PSObject -Property (
        @{
            "Computer" = $ComputerName
            "AdminMembers" = $MemberNames -Join ";"
        }
    )
}
$obj | Export-Csv "myfile.csv" -NoType

    Edit: If the NetBIOS name of your computers can be different from their Name (the value of the cn attribute), then use:

    $ComputerName = $Computer.sAMAccountName.Replace("$", "")

    Richard Mueller - MVP Enterprise Mobility (Identity and Access)



    Wednesday, December 27, 2017 2:17 AM