Te copio una función que cumple tus requerimientos. Para obtener el listado de máquinas edita la línea Get-ADComputer según la OU donde tengas tus máquinas.
Function Get-UsrServer {
<#
.SYNOPSIS
Esta función permite obtener los usuarios y grupos de un servidor.
.PARAMETER Servers
Es el nombre del servidor
.Author
Pablo Ortiz ortiz.pablo@gmail.com
.EXAMPLE
Muestra los grupos y usuarios del <servidor> desde donde se corre el Script
- Get-UsrServer
.EXAMPLE
Muestra los grupos y usuarios del servidor y nos muestra en la *pantalla*
- Get-UsrServer SERVIDOR01 ó Get-UsrServer "SERVIDOR01"
.EXAMPLE
Muestra los grupos y usuarios del servidor y los direcciona a un *archivo*
- Get-UsrServer SERVIDOR01 >c:\salida.txt
.EXAMPLE
Muestra los grupos y usuarios de los servidores que se listan en un archivo que se pasa como parámetro
- foreach ($Server in Get-Content C:\ListaServidores.txt) {Get-UsrServer $Server}G
.EXAMPLE
Muestra los grupos y usuarios de los servidores que se pasen como una lista de parámetros
- Get-UsrServer SERVIDOR01, SERVIDOR02, SERVIDOR03
.OUTPUTS
La salida muestra el servidor, el grupo y el usuario separado por ";" para fines operativos posteriores
Servidor; Grupo; Usuario
Ejemplo de salida:
SERVIDOR01;Administrators;Administrator
SERVIDOR01;Administrators;Grp_Administrators
SERVIDOR01;Guests;Guest
SERVIDOR01;Users;INTERACTIVE
SERVIDOR01;Users;Authenticated Users
SERVIDOR01;Users;Domain Users
.NOTES
Requiere que los servidores tengan el servicio de WinRM ok, si no muestra información revisar la siguiente lista de comprobación
1.- Hacer Ping al <Servidor>
2.- Ejecutar Test-WsMan <Servidor>
3.- Intendar hacerlo con el URI completo <Servidor>.<dominio>.<com>
#>
PARAM(
[Parameter(Mandatory=$False, ValueFromPipeline=$true)][String[]]$Servers=$env:computername
)
BEGIN { #Begin Function Get-UsrServer
$now=Get-Date
$MaxPWSet = (Get-ADDefaultDomainPasswordPolicy).MaxPasswordAge
$net = new-object net.sockets.tcpclient
foreach ($Server in $Servers) {
try {$net.Connect($Server,135)} catch {}
if($net.Connected){
$Results = @()
#Only Groups in the Server
$Groups=Get-WmiObject Win32_Group -Filter "LocalAccount=True and Status<>''" -ComputerName $Server -ErrorAction Ignore
ForEach($Group in $Groups) {
$GroupDomain = $Group.Domain
$GroupName = $Group.Name
$GroupDescription = $Group.Description
$GroupStatus = $Group.status
$Members=Get-WmiObject -ComputerName $Server -Query "SELECT * FROM Win32_GroupUser WHERE GroupComponent=`"Win32_Group.Domain='$GroupDomain',Name='$GroupName'`"" -ErrorAction
Ignore
ForEach ($Member in $Members) {
$MemberDomain = $Member.PartComponent.Split(",")[0].Split("=")[1].replace('"','')
$MemberName = $Member.PartComponent.Split(",")[1].Split("=")[1].replace('"','')
$LastLogIn = ''
If($Member.PartComponent.Contains("Win32_UserAccount")){
#Users inside server groups
If($MemberDomain -eq $Server) {
#If member user is a local account
$Type = 'Local User'
[ADSI]$AccountLk=”WinNT://$Server/$MemberName”
$Account=Get-WmiObject -Query "select * from win32_account where name='$MemberName' and domain='$MemberDomain'"
-ComputerName $Server -ErrorAction Ignore
}
Else {
#Is a Domain Account
$Type ='Domain User'
[ADSI]$AccountLk=”WinNT://$MemberDomain/$MemberName”
$Account=Get-WmiObject -Query "select * from win32_account where name='$MemberName' and domain='$MemberDomain'"
-ErrorAction Ignore
} #End Else Domain User
try{[String]$LastLogIn = $AccountLk.LastLogIn} Catch{$LastLogIn='Never Login'}
try{$PasswordLastSet = $now.AddSeconds(-$AccountLk.PasswordAge.Value)} Catch{$PasswordLastSet = ''}
try{$NextPWDChg = $now.AddSeconds($AccountLk.MaxPasswordAge.value - $AccountLk.PasswordAge.value)}
Catch{$NextPWDChg = ''}
$MemberType = $Account.AccountType
$PasswordRequired = $Account.PasswordRequired
$PasswordExpires = $Account.PasswordExpires
$PasswordChangeable = $Account.PasswordChangeable
$Disabled = $Account.Disabled
}
Else {
#Groups inside server groups
If($Member.PartComponent.Contains("Win32_Group")) {
If($MemberDomain -eq $Server) {
#Local Group
$Type ='Local Group'
$Account=Get-WmiObject -Query "select * from win32_account where name='$MemberName' and domain='$MemberDomain'"
-ComputerName $Server -ErrorAction Ignore
} Else {
#Domain Group
$Type ='Domain Group'
$Account=Get-WmiObject -Query "select * from win32_account where name='$MemberName' and domain='$MemberDomain'"
-ErrorAction Ignore
} #End else If Groups
$PasswordLastSet = 'N/A'
$NextPWDChg = 'N/A'
$LastLogOn = 'N/A'
$MemberType = 'N/A'
$PasswordRequired = 'N/A'
$PasswordExpires = 'N/A'
$PasswordChangeable = 'N/A'
$Disabled = 'N/A'
}#End If Groups
} #End Else Members
$MemberStatus = $Account.Status
$MemberDescription = $Account.Description
$FullName = $Account.FullName
If($PasswordExpires) {$NextPWDChg="Never Expire"}
$Properties = @{
ComputerName = $Server
GroupName = $GroupName
GroupDescription = $GroupDescription
GroupStatus = $Groupstatus
MemberDomain = $MemberDomain
MemberName = $MemberName
MemberStatus = $MemberStatus
MemberDescription = $MemberDescription
MemberLocal = $MemberLocal
MemberAccountType = $MemberType
PasswordLastSet = $PasswordLastSet
NextPasswordChange= $NextPWDChg
LastLogOn = $LastLogIn
MemberType = $Type
PasswordRequired = $PasswordRequired
PasswordExpires = $PasswordExpires
PasswordChangeable= $PasswordChangeable
MemberFullName = $FullName
MemberDisabled = $Disabled
TimeStamp = $now
}#End Properties
If(-not $Member.PartComponent.Contains("Win32_System")) {
$PSobject = New-Object -TypeName psobject -Property $Properties
$results += $PSobject
}
} #End ForEach Members
} #End For Groups
$results
} #End if connected
} #End Servers
} #Final BEGIN - END
} #End Function Get-UsrServer
#Obtiene un listado de todas las máquinas en las OU seleccionadas y guarda en Servers.txt las que responden a ping
Get-ADComputer -Filter * -Property * | Where { $_.DistinguishedName -like "*OU=SERVIDORES*" -or $_.DistinguishedName -like "*OU=DOMAIN CONTROLLERS*"} | ForEach-Object {
$rtn = Test-Connection -CN $_.Name -Count 1 -Quiet
IF($rtn -match 'True') { Out-File "C:\Servers.txt" -InputObject $_.Name -Append }
ELSE { Out-File "C:\NoConnection.txt" -InputObject $_.Name -Append }
}
ForEach ($Server in Get-Content "C:\Servers.txt") {
try {
#Extraer Grupos y usuarios locales y de dominio de cada máquina a un CSV
Get-UsrServer $Server -EA SilentlyContinue |
Select-Object -Property ComputerName, GroupName, GroupDescription, GroupStatus,MemberType, `
MemberDomain, MemberName, MemberFullName, MemberStatus, MemberDescription,`
MemberAccountType, MemberDisabled,PasswordLastSet, NextPasswordChange, LastLogon, `
PasswordRequired, PasswordExpires, PasswordChangeable -EA SilentlyContinue |
Export-Csv -Append -Path "C:\ServerGroups.CSV" -NoTypeInformation -EA SilentlyContinue
}
catch {}
}
