Scanning Active Directory and checking for local admin - *New to scripting*

  • General discussion

  • Hi,

    I would like to import AD (Active Directory) into a text file. Once that is done, I want to use a script to check for local admin. I'm very new to scripting and could use some help. Here is what I have so far:

    # All computer objects:
    Get-ADComputer -Filter *

    ###################################

    Save ADComputer name to file. Saving to an Excel file would be great, but a txt will work as well.

    ###################################

    $server = Read-Host "What is the server name?"
    $computer = [ADSI]("WinNT://" + $server + ",computer")
    $Group = $computer.psbase.children.find("Administrators")
    $members = ($Group.psbase.invoke("Members") | %{$_.GetType().InvokeMember("Adspath", 'GetProperty', $null, $_, $null)}) -replace ('WinNT://DOMAIN/' + $server + '/'), '' -replace ('WinNT://DOMAIN/', 'DOMAIN\') -replace ('WinNT://', '')
    $members

    ###################################

    Save scanned AD computer and user to file. Saving to an Excel file would be great, but a txt will work as well.


    ###################################

    Tuesday, December 26, 2017 9:30 PM

All replies

  • A script similar to below outputs the computer names and direct members of the local Administrators groups to a comma delimited file, which can be read by Excel:

    # Requires the RSAT ActiveDirectory module.
    Import-Module ActiveDirectory

    # Retrieve all computer objects.
    $Computers = Get-ADComputer -Filter *

    # Define an array.
    $obj = @()

    # Enumerate computers. The WinNT provider runs as the current user,
    # who needs administrative rights on each target to read the group.
    ForEach ($Computer In $Computers)
    {
        $ComputerName = $Computer.Name
        # Retrieve the local Administrators group.
        $Group = [ADSI]"WinNT://$ComputerName/Administrators,group"
        # Retrieve direct members of the group (nested groups are not expanded).
        $Members = $Group.psbase.invoke("Members")
        # Retrieve member names.
        $MemberNames = @()
        ForEach ($Member In $Members)
        {
            $MemberNames += $Member.GetType().InvokeMember("Name", 'GetProperty', $Null, $Member, $Null)
        }
        $obj += New-Object -Type PSObject -Property (
            @{
                "Computer" = $ComputerName
                "AdminMembers" = $MemberNames -Join ";"
            }
        )
    }
    $obj | Export-Csv "myfile.csv" -NoTypeInformation

    Edit: If the NetBIOS name of your computers can be different from their Name (the value of the cn attribute), then use:

    $ComputerName = $Computer.sAMAccountName.Replace("$", "")


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)



    Wednesday, December 27, 2017 2:17 AM
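The following is an added example, not code from either post above, that combines the two steps the original question asks for (export the AD computer list, then read each computer's local Administrators group) and adds what an auditor usually wants on top: members rendered as DOMAIN\name with their object class, offline and failing hosts recorded instead of aborting the loop, and anything outside a baseline allowlist flagged for review, since stray local admin accounts are a common lateral-movement foothold. It assumes the RSAT ActiveDirectory module is installed, that the account running it is a local administrator on the targets with SMB/RPC reachable, and that the `$Expected` baseline and the `ConvertFrom-AdsPath` / `Get-LocalAdminMember` helper names are hypothetical choices for this example.

```powershell
# Added example (not from the original thread): inventory the direct members of
# every enabled domain computer's local Administrators group and flag members
# that are not on a baseline allowlist.
# Assumptions: ActiveDirectory module present; the running account is a local
# admin on each target; TCP 445/RPC open. $Expected is a hypothetical baseline.
[CmdletBinding()]
param(
    [string]$OutFile    = "LocalAdmins.csv",
    [string]$SearchBase = $null,
    [string[]]$Expected = @('Administrator', 'Domain Admins')
)

Import-Module ActiveDirectory -ErrorAction Stop

# Turn "WinNT://DOMAIN/name" or "WinNT://HOST/name" into "DOMAIN\name" / "HOST\name".
function ConvertFrom-AdsPath {
    param([string]$AdsPath)
    $parts = ($AdsPath -replace '^WinNT://', '') -split '/'
    if ($parts.Count -ge 2) { return '{0}\{1}' -f $parts[-2], $parts[-1] }
    return $parts[-1]
}

# Direct members of one computer's local Administrators group.
# Nested membership is NOT expanded: "Domain Admins" appears as a single Group row.
function Get-LocalAdminMember {
    param([string]$ComputerName)
    $group = [ADSI]"WinNT://$ComputerName/Administrators,group"
    foreach ($m in @($group.psbase.Invoke('Members'))) {
        $path  = $m.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $m, $null)
        $class = $m.GetType().InvokeMember('Class',   'GetProperty', $null, $m, $null)
        [PSCustomObject]@{
            Computer = $ComputerName
            Member   = ConvertFrom-AdsPath $path
            Class    = $class          # 'User' or 'Group'
        }
    }
}

# Step 1: the computer list from AD (disabled accounts are skipped).
$adParams = @{ Filter = "Enabled -eq 'True'" }
if ($SearchBase) { $adParams.SearchBase = $SearchBase }
$computers = Get-ADComputer @adParams

# Step 2: query each host; never let one bad host stop the run.
$rows = foreach ($c in $computers) {
    # sAMAccountName minus the trailing '$' is the NetBIOS name WinNT:// expects.
    $name = $c.sAMAccountName.TrimEnd('$')

    if (-not (Test-Connection -ComputerName $name -Count 1 -Quiet)) {
        [PSCustomObject]@{ Computer = $name; Member = $null; Class = $null
                           Status = 'Unreachable'; Unexpected = $false }
        continue
    }
    try {
        foreach ($row in Get-LocalAdminMember -ComputerName $name) {
            $short = ($row.Member -split '\\')[-1]
            $row | Add-Member -NotePropertyName Status     -NotePropertyValue 'OK'
            # Anything outside the baseline is a candidate for review.
            $row | Add-Member -NotePropertyName Unexpected -NotePropertyValue ($Expected -notcontains $short)
            $row
        }
    } catch {
        # Typically access denied (not a local admin) or the remote registry/SAM service is off.
        [PSCustomObject]@{ Computer = $name; Member = $null; Class = $null
                           Status = "Error: $($_.Exception.Message)"; Unexpected = $false }
    }
}

# Step 3: one CSV for Excel, plus the flagged rows on screen.
$rows | Export-Csv -Path $OutFile -NoTypeInformation
$rows | Where-Object Unexpected | Format-Table Computer, Member, Class -AutoSize
```

Two caveats worth keeping in mind when reading the output: the WinNT provider reports only direct members, so a user who is local admin through a nested domain group shows up only as that group, and the `Status` column is the place to look for hosts that silently returned nothing (a host that is up but denies access is just as interesting to an auditor as one with an unexpected admin).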