bsharath
asked on
Domain Admin from Administrator
Hi,
I need to find who all users do not have Domain Admin rights on the computer.Some users remove the Domain Admin rights from the Administrator/Username.Ple ase guide to to find a way who all have removed it or a way to give these rights remotely.
Regards
Sharath
I need to find who all users do not have Domain Admin rights on the computer.Some users remove the Domain Admin rights from the Administrator/Username.Ple
Regards
Sharath
Save this as FindAdmins.vbs and run it by double-clicking it.
The only piece that needs to be changed is
'LDAP://dc=fabrikam,dc=com - to match your domain...
On Error Resume Next
Const ADS_SCOPE_SUBTREE = 2
Dim objFSO:Set objFSO=CreateObject("Scrip ting.FileS ystemObjec t")
Dim objOutput: Set objOutput=objFSO.CreateTex tFile("C:\ AdminRepor t.txt")
Set objConn = CreateObject("ADODB.Connec tion")
Set objCmd = CreateObject("ADODB.Comman d")
objConn.Provider = "ADsDSOObject"
objConn.Open "Active Directory Provider"
Set objCmd.ActiveConnection = objConn
objCmd.Properties("Page Size") = 1000
objCmd.Properties("Searchs cope") = ADS_SCOPE_SUBTREE
objCmd.CommandText = _
"SELECT Name, distinguishedName FROM 'LDAP://dc=fabrikam,dc=com ' " _
& "WHERE objectCategory='computer'"
Set objRS = objCmd.Execute
objRS.MoveFirst
Do Until objRS.EOF
Set objGroup = GetObject("WinNT://" & objRS.Fields("Name") & "/Administrators")
objOutput.WriteLine "Administrators on " & objRS.Fields("Name")
For Each objUser in objGroup.Members
objOutput.WriteLine vbTab & objUser.Name
End If
Next
objRS.MoveNext
Loop
objOutput.Close
Set objOutput=Nothing
Set objFSO=Nothing
The only piece that needs to be changed is
'LDAP://dc=fabrikam,dc=com
On Error Resume Next
Const ADS_SCOPE_SUBTREE = 2
Dim objFSO:Set objFSO=CreateObject("Scrip
Dim objOutput: Set objOutput=objFSO.CreateTex
Set objConn = CreateObject("ADODB.Connec
Set objCmd = CreateObject("ADODB.Comman
objConn.Provider = "ADsDSOObject"
objConn.Open "Active Directory Provider"
Set objCmd.ActiveConnection = objConn
objCmd.Properties("Page Size") = 1000
objCmd.Properties("Searchs
objCmd.CommandText = _
"SELECT Name, distinguishedName FROM 'LDAP://dc=fabrikam,dc=com
& "WHERE objectCategory='computer'"
Set objRS = objCmd.Execute
objRS.MoveFirst
Do Until objRS.EOF
Set objGroup = GetObject("WinNT://" & objRS.Fields("Name") & "/Administrators")
objOutput.WriteLine "Administrators on " & objRS.Fields("Name")
For Each objUser in objGroup.Members
objOutput.WriteLine vbTab & objUser.Name
End If
Next
objRS.MoveNext
Loop
objOutput.Close
Set objOutput=Nothing
Set objFSO=Nothing
ASKER
Sirbounty
I get this error
C:\>cscript admin.vbs
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.
C:\admin.vbs(23, 5) Microsoft VBScript compilation error: Expected statement
I get this error
C:\>cscript admin.vbs
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.
C:\admin.vbs(23, 5) Microsoft VBScript compilation error: Expected statement
Hmm - not sure why that was there...remove this line:
End If (on line 23)
End If (on line 23)
ASKER
Now i get this error.
C:\>cscript a.vbs
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.
C:\a.vbs(1, 11) Microsoft VBScript compilation error: Expected end of statement
C:\>cscript a.vbs
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.
C:\a.vbs(1, 11) Microsoft VBScript compilation error: Expected end of statement
11 appears to be...objCmd.Properties("Se archscope" ) = ADS_SCOPE_SUBTREE
This should be the full code...
'Start copying here...
On Error Resume Next
Const ADS_SCOPE_SUBTREE = 2
Dim objFSO: Set objFSO = CreateObject("Scripting.Fi leSystemOb ject")
Dim objOutput: Set objOutput = objFSO.CreateTextFile("C:\ AdminRepor t.txt")
Set objConn = CreateObject("ADODB.Connec tion")
Set objCmd = CreateObject("ADODB.Comman d")
objConn.Provider = "ADsDSOObject"
objConn.Open "Active Directory Provider"
Set objCmd.ActiveConnection = objConn
objCmd.Properties("Page Size") = 1000
objCmd.Properties("Searchs cope") = ADS_SCOPE_SUBTREE
objCmd.CommandText = _
"SELECT Name, distinguishedName FROM 'LDAP://dc=fabrikam,dc=com ' " _
& "WHERE objectCategory='computer'"
Set objRS = objCmd.Execute
objRS.MoveFirst
Do Until objRS.EOF
Set objGroup = GetObject("WinNT://" & objRS.Fields("Name") & "/Administrators")
objOutput.WriteLine "Administrators on " & objRS.Fields("Name")
For Each objUser In objGroup.Members
objOutput.WriteLine vbTab & objUser.Name
Next
objRS.MoveNext
Loop
objOutput.Close
Set objOutput = Nothing
Set objFSO = Nothing
This should be the full code...
'Start copying here...
On Error Resume Next
Const ADS_SCOPE_SUBTREE = 2
Dim objFSO: Set objFSO = CreateObject("Scripting.Fi
Dim objOutput: Set objOutput = objFSO.CreateTextFile("C:\
Set objConn = CreateObject("ADODB.Connec
Set objCmd = CreateObject("ADODB.Comman
objConn.Provider = "ADsDSOObject"
objConn.Open "Active Directory Provider"
Set objCmd.ActiveConnection = objConn
objCmd.Properties("Page Size") = 1000
objCmd.Properties("Searchs
objCmd.CommandText = _
"SELECT Name, distinguishedName FROM 'LDAP://dc=fabrikam,dc=com
& "WHERE objectCategory='computer'"
Set objRS = objCmd.Execute
objRS.MoveFirst
Do Until objRS.EOF
Set objGroup = GetObject("WinNT://" & objRS.Fields("Name") & "/Administrators")
objOutput.WriteLine "Administrators on " & objRS.Fields("Name")
For Each objUser In objGroup.Members
objOutput.WriteLine vbTab & objUser.Name
Next
objRS.MoveNext
Loop
objOutput.Close
Set objOutput = Nothing
Set objFSO = Nothing
ASKER
sirbounty:
Sorry for the delay.
This script does not respond once i excecute it is only shows a command prompt blank screen.
Please advice.
THX
Sharath
Sorry for the delay.
This script does not respond once i excecute it is only shows a command prompt blank screen.
Please advice.
THX
Sharath
Should be compiling into C:\AdminReport.txt
Do you see that file? Does it have any data in it?
Do you see that file? Does it have any data in it?
ASKER
The no data in the file i checked that also
ASKER
There is no data in the file i checked that also
THX
Sharath
THX
Sharath
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Another case for Hyena.
You can use it to 'push' the addition of any account (or User Group) to the local Administrator Group on the individual host.
If the account or group is already there, it will just continue to the next computer on the list.
It will also 'log' the activity and give you a report of the results.
Vic