
I want to know who all in my network have removed their domain admin from the administrator group

Hi,

I want to know who all in my network have removed their domain admin from the administrator group. Is there any way I can find this?

Regards
Sharath
 
William Elliott (Sr Tech Guru) commented:
use a login script


net localgroup Administrators | find /i "DOMAIN\Domain Admins" > nul
if not %errorlevel%==0 (
net localgroup Administrators "DOMAIN\Domain Admins" /add > nul
)

PKundtz commented:
Active Directory has a Group Policy to restrict users in the local Administrators group.  The GPO is called Restricted Groups.  It's located in Computer Configuration - Security Settings.  Please read this article to see if this choice is best for you: http://www.windowsecurity.com/articles/Using-Restricted-Groups.html.   The instructions are simple:

Right click Restricted Groups and select Add Group
Call it Administrators
Select every account you want to have administration rights (both local and domain accounts).

This will wipe out the Administrators group on all the computers you apply it to and make the accounts in your list the only administrators.  Remember to TEST any GPO on a few systems before deploying to your entire network.

bsharath (Author) commented:
I just want to find who all have removed it. Is there a way to find this?
 
William Elliott (Sr Tech Guru) commented:
here is a script that will tell you all who does have it..


strreadfile = "c:\computers.txt" 'the file with the list of computernames. one per line
strwritefile = "C:\results.txt" ' the results file  = computername tabdelimited  yes/no

Set fso = CreateObject("Scripting.FileSystemObject")
Set fsoReadComputerList = fso.OpenTextFile(strreadfile, 1, TristateFalse)
aryComputers = Split(fsoReadComputerList.ReadAll, vbCrLf)
fsoReadComputerList.Close

Set objoutputFile = fso.CreateTextFile(strwritefile, True)

For Each strComputer In aryComputers
      
      Set colGroups = GetObject("WinNT://" & strComputer & "")
      colGroups.Filter = Array("group")
      For Each objGroup In colGroups
            For Each objUser in objGroup.Members
                  If lcase(Right(objUser.Name,13)) = lcase("Domain Admins") then
                  objoutputFile.writeline strcomputer
                  else
                  End If
            Next
      Next
next

bsharath (Author) commented:
Will the script tell me who has domain admins or who does not?
I want to know who does not have domain admin.

PKundtz commented:
Maybe I don't understand your question.  Do you want to know who has or doesn't have domain admin rights?  Are you a domain admin on your network?

William Elliott (Sr Tech Guru) commented:
the script can be run from your main desktop
the script will parse through the systems in the computers.txt and give you all the computers that DO have Domain admin in the local group
..
i can try to setup a compare script to remove the ones that do have it from the main script.

but i am guessing that if the systems don't have domain admin in their group, then you won't be able to connect to them.


my original script at the top can be run within the login script and would possibly be more beneficial.

bsharath (Author) commented:
I am a domain admin.
OK, then is it possible to remove all machines in the file which have domain admin and leave only the machines which don't have domain admins?

William Elliott (Sr Tech Guru) commented:
strreadfile = "c:\computers.txt" 'the file with the list of computernames. one per line
strwritefile = "C:\DA_yes.txt" ' With Domain Admin
strwritefile2 = "C:\not_DA_yes.txt" ' Not with Domain admin (or couldn't connect to)
on error resume next
Set fso = CreateObject("Scripting.FileSystemObject")
Set fsoReadComputerList = fso.OpenTextFile(strreadfile, 1, TristateFalse)
aryComputers = Split(fsoReadComputerList.ReadAll, vbCrLf)
fsoReadComputerList.Close

Set objoutputFile = fso.CreateTextFile(strwritefile, True)

For Each strComputer In aryComputers
     
      Set colGroups = GetObject("WinNT://" & strComputer & "")
      colGroups.Filter = Array("group")
      For Each objGroup In colGroups
            For Each objUser in objGroup.Members
                  If lcase(Right(objUser.Name,13)) = lcase("Domain Admins") then
                  objoutputFile.writeline strcomputer
                  else
                  End If
            Next
      Next
next
objoutputFile.close

' borrowed from one of sirbounty's posts
Dim objFSO: Set objFSO = CreateObject("Scripting.FileSystemObject")
Dim File1: Set File1 = objFSO.OpenTextFile(strreadfile)
file2 = objFSO.OpenTextFile(strwritefile).ReadAll
Dim objOutput: Set objOutput = objFSO.CreateTextFile(strwritefile2)

Do While Not File1.AtEndOfStream
  strRead = File1.ReadLine
  If InStr(file2, strRead) = 0 Then objOutput.WriteLine strRead
Loop

File1.Close

File1 = objFSO.OpenTextFile(strreadfile).ReadAll
Set file2 = objFSO.OpenTextFile(strwritefile)

Do While Not file2.AtEndOfStream
  strRead = file2.ReadLine
  If InStr(File1, strRead) = 0 Then objOutput.WriteLine strRead
Loop

objOutput.Close
file2.Close

Set objOutput = Nothing
Set file2 = Nothing
Set File1 = Nothing
Set objFSO = Nothing

bsharath (Author) commented:
I get each name 2 times in the results txt file.

LEUKES
LEUKES
LEUKINT
LEUKINT
DEV-CHEN-SRV05
DEV-CHEN-SRV05

William Elliott (Sr Tech Guru) commented:
in the latest script there is no results.txt file

bsharath (Author) commented:
What I meant to say is this file.

DA_yes.txt
I have some names coming 2 to 3 times repeated.

William Elliott (Sr Tech Guru) commented:
what shows up in the DA_not yes?

bsharath (Author) commented:
Shows the computer names. All are repeated 2 or 3 times.

William Elliott (Sr Tech Guru) commented:
let me explain the logic of the script for a moment. the code snippets will have >>> in front of them

>>> For Each strComputer In aryComputers

straight forward. for each computer in the array do the following stuff. the array of computers is pulled from the text file

>>>      Set colGroups = GetObject("WinNT://" & strComputer & "")

set colgroups to equal all the local groups in the computer that we are looking at

>>>      colGroups.Filter = Array("group")

filter the groups into an array, so we can parse through it.

>>>      For Each objGroup In colGroups

now for each object in the array of groups do the following

>>>            For Each objUser in objGroup.Members

parse through each member of the particular group we are looking through

>>>                  If lcase(Right(objUser.Name,13)) = lcase("Domain Admins") then

if
lcase which means lowercase
right(variable, 13) means to count 13 characters starting from the right side
objuser.name is the name of the account that is a member of the group
all of that equals
lcase("domain admins")
then do the following

>>>                  objoutputFile.writeline strcomputer

write a line to the output file.


this is where it will list it a few times,... some assumptions could be that you have a trust to many different domains and therefore the domain admin name will be in the computer many times.
domain1\domain admins
domain2\domain admins
domain3\domain admins

look at the actual local groups to determine if this is true

William Elliott (Sr Tech Guru) commented:
just put 3 names in the computer list  and run this script

let me see the allresults.txt

strreadfile = "c:\computers.txt" 'the file with the list of computernames. one per line
strwritefile = "c:\allresults.txt"
'on error resume next
strresults = "" 
Set fso = CreateObject("Scripting.FileSystemObject")
Set fsoReadComputerList = fso.OpenTextFile(strreadfile, 1, TristateFalse)
aryComputers = Split(fsoReadComputerList.ReadAll, vbCrLf)
fsoReadComputerList.Close
Set objoutputFile = fso.CreateTextFile(strwritefile, True)
For Each strComputer In aryComputers
      Set colGroups = GetObject("WinNT://" & strComputer & "")
      colGroups.Filter = Array("group")
      For Each objGroup In colGroups
            For Each objUser in objGroup.Members
                        strresults = strresults & strcomputer & " : " & objgroup.name & " : " & objuser.name & vbcrlf
            Next
      Next
wscript.echo strresults
objoutputFile.writeline strresults
strresults = "" 
next
objoutputFile.close

William Elliott (Sr Tech Guru) commented:
the results are in the forms of

computername : groupname : Name of the group member

William Elliott (Sr Tech Guru) commented:
i added two more lines to look only in the "administrators" group.. maybe this will reduce the duplicates






strreadfile = "c:\computers.txt" 'the file with the list of computernames. one per line
strwritefile = "C:\DA_yes.txt" ' With Domain Admin
strwritefile2 = "C:\not_DA_yes.txt" ' Not with Domain admin (or couldn't connect to)
on error resume next
Set fso = CreateObject("Scripting.FileSystemObject")
Set fsoReadComputerList = fso.OpenTextFile(strreadfile, 1, TristateFalse)
aryComputers = Split(fsoReadComputerList.ReadAll, vbCrLf)
fsoReadComputerList.Close
Set objoutputFile = fso.CreateTextFile(strwritefile, True)
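For Each strComputer In aryComputers
      ' forget the previous computer first: with "on error resume next" a failed
      ' connection would otherwise be checked against the previous computer's groups
      Set colGroups = Nothing
      Err.Clear
      Set colGroups = GetObject("WinNT://" & strComputer & "")
      If Err.Number = 0 Then ' only look at computers we could actually connect to
      colGroups.Filter = Array("group")
      For Each objGroup In colGroups
            If objgroup.name = "Administrators" then
                        For Each objUser in objGroup.Members
                                If lcase(Right(objUser.Name,13)) = lcase("Domain Admins") then
                                objoutputFile.writeline strcomputer
                                else
                                End If
                        Next
                  else
                  End if
      Next
      End If
next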
objoutputFile.close

' borrowed from one of sirbounty's posts
Dim objFSO: Set objFSO = CreateObject("Scripting.FileSystemObject")
Dim File1: Set File1 = objFSO.OpenTextFile(strreadfile)
file2 = objFSO.OpenTextFile(strwritefile).ReadAll
Dim objOutput: Set objOutput = objFSO.CreateTextFile(strwritefile2)
Do While Not File1.AtEndOfStream
  strRead = File1.ReadLine
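  ' compare whole lines, so a name that is part of a longer name (SRV1 / SRV10) is not treated as found
  If strRead <> "" And InStr(1, vbCrLf & file2, vbCrLf & strRead & vbCrLf, vbTextCompare) = 0 Then objOutput.WriteLine strRead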
Loop
File1.Close
File1 = objFSO.OpenTextFile(strreadfile).ReadAll
Set file2 = objFSO.OpenTextFile(strwritefile)
Do While Not file2.AtEndOfStream
  strRead = file2.ReadLine
  If InStr(File1, strRead) = 0 Then objOutput.WriteLine strRead
Loop
objOutput.Close
file2.Close
Set objOutput = Nothing
Set file2 = Nothing
Set File1 = Nothing
Set objFSO = Nothing
0
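The audit the thread works toward, as an added PowerShell example (not code from any poster in the thread): it binds directly to each computer's local Administrators group through the same WinNT provider the scripts above use, matches one exact domain group, and reports unreachable machines separately instead of mixing them in with the machines where the group is missing. Assumptions: `DOMAIN` is a placeholder as in the login script above, `C:\da_audit.csv` is a hypothetical output path, and the group carries its English name `Administrators`.

```powershell
# Added example: classify each computer as Present / Missing / Unreachable.
$Domain    = 'DOMAIN'                        # placeholder NetBIOS domain name
$InputFile = 'C:\computers.txt'              # one computer name per line (as in the thread)
$OutputCsv = 'C:\da_audit.csv'               # hypothetical output path

function Get-LocalAdminMember {
    param([string]$Computer)
    # Bind to the single group instead of enumerating every local group,
    # which is what produced repeated names in the earlier scripts.
    $group = [ADSI]"WinNT://$Computer/Administrators,group"
    foreach ($m in @($group.psbase.Invoke('Members'))) {
        # ADsPath has the form WinNT://DOMAIN/Domain Admins
        $m.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $m, $null)
    }
}

$wanted = "WinNT://$Domain/Domain Admins"

$report = foreach ($line in Get-Content $InputFile) {
    $name = $line.Trim()
    if (-not $name) { continue }             # skip blank lines in the list

    try {
        $members = @(Get-LocalAdminMember -Computer $name)
        # -contains is case-insensitive and compares whole values, so
        # DOMAIN2\Domain Admins does not count as a match for DOMAIN.
        $status = if ($members -contains $wanted) { 'Present' } else { 'Missing' }
    }
    catch {
        # Offline, firewalled or access denied: no conclusion can be drawn.
        $status = 'Unreachable'
    }

    [pscustomobject]@{ Computer = $name; DomainAdmins = $status }
}

$report | Sort-Object DomainAdmins, Computer |
    Export-Csv -Path $OutputCsv -NoTypeInformation

# Machines that answered and do not list the domain group:
$report | Where-Object { $_.DomainAdmins -eq 'Missing' } |
    Select-Object -ExpandProperty Computer
```

Machines marked `Unreachable` need a second pass once they are online, since a host that has removed Domain Admins may also refuse the remote query.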