Powershell script to get all local admin members

- August 25, 2010

created multiple sources - works - wanted see comments on have done better.

input - computers in domain. connects them , pulls members of local admin group , writes information csv. slow - works.

thanks input.

import-module activedirectory $computers = get-adcomputer -filter * $localgroupname = "administrators"  $outputdir = "c:\temp" $outputfile = join-path $outputdir "localgroupmembers.csv" write-verbose "script write output $outputfile folder" add-content -path $outputfile -value "computername, localgroupname, status, membertype, memberdomain, membername"  foreach ($computer in $computers)      {         $computername = $computer.name 		if(!(test-connection -computername $computername -count 1 -quiet)) { 			add-content -path $outputfile -value "$computername,$localgroupname,offline" 		continue 		}  		else { 			try { 				$group = [adsi]"winnt://$computername/$localgroupname" 				$members = @($group.invoke("members")) 				if(!$members) { 					add-content -path $outputfile -value "$computer,$localgroupname,nomembersfound" 					continue 				} 			} 			catch { 				add-content -path $outputfile -value "$computername,,failedtoquery" 				continue 			} 			foreach($member in $members) { 				try { 					$membername = $member.gettype().invokemember("name","getproperty",$null,$member,$null) 					$membertype = $member.gettype().invokemember("class","getproperty",$null,$member,$null) 					$memberpath = $member.gettype().invokemember("adspath","getproperty",$null,$member,$null) 					$memberdomain = $null 					if($memberpath -match "^winnt\:\/\/(?<domainname>\s+)\/(?<compname>\s+)\/") { 						if($membertype -eq "user") { 							$membertype = "localuser" 						} elseif($membertype -eq "group"){ 							$membertype = "localgroup" 						} 						$memberdomain = $matches["compname"] 					} elseif($memberpath -match "^winnt\:\/\/(?<domainname>\s+)/") { 						if($membertype -eq "user") { 							$membertype = "domainuser" 						} elseif($membertype -eq "group"){ 							$membertype = "domaingroup" 						} 						$memberdomain = $matches["domainname"] 					} else { 						$membertype = "unknown" 						$memberdomain = "unknown" 					} 					if ($membername -notlike "domain admins" -and $membername -notlike "enterprise admins" -and $membername -notlike "redtower1"-and $membername -notlike "administrator" -and $membername -notlike "workstationadmins" -and $membername -notlike "serveradmins")	{ 					add-content -path $outputfile -value "$computername, $localgroupname, success, $membertype, $memberdomain, $membername" 					} 				} catch { 				add-content -path $outputfile -value "$computer,,failedquerymember" 				}     		} 		} 		}

much faster , runs in parallel.

workflow getadmins{           $group = [adsi]"winnt://$pscomputername/administrators"     $members = @($group.invoke("members"))      foreach($member in $members){         $adspath=$member.gettype().invokemember("adspath","getproperty",$null,$member,$null)         $domain=($adspath -split '/')[-2]          if($domain -eq $pscomputername){             $accounttype='local'         }else{             $accounttype='domain'         }           [pscustomobject]@{             domain=$domain             samaccountname=($adspath -split '/')[-1]             class=$member.gettype().invokemember("class","getproperty",$null,$member,$null)             accounttype=$accounttype         }     } } getadmins -pscomputername ws701,ws702|select pscomputername,domain,samaccountname

\_(ツ)_/

Windows Server > Windows PowerShell

Search This Blog

My fan

Powershell script to get all local admin members

Comments

Post a Comment

Popular posts from this blog

Motherboard replacement

Cannot create Full Text Search catalog after upgrading to V12 - Database is not fully started up or it is not in an ONLINE state

Remote Desktop App - Error 0x207 or 0x607