[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

I want to know who all in my network have remove there domain admin from the administrator group

Posted on 2007-07-27
18
Medium Priority
?
262 Views
Last Modified: 2010-03-05
Hi,

I want to know who all in my network have remove there domain admin from the administrator group.Is there any way i can find this.

Regards
Sharath
0
Comment
Question by:bsharath
  • 10
  • 6
  • 2
18 Comments
 
LVL 19

Expert Comment

by:weellio
ID: 19583963
use a login script


net localgroup Administrators | find /i "DOMAIN\Domain Admins" > nul
if not %errorlevel%==0 (
net localgroup Administrators "DOMAIN\Domain Admins" /add > nul
)
0
 
LVL 2

Expert Comment

by:PKundtz
ID: 19585644
Active Directory has a Group Policy to restrict users in the local Administrators group.  The GPO is called Restricted Groups.  It's located in Computer Configuration - Security Settings.  Please read this article to see if this choice is best for you: http://www.windowsecurity.com/articles/Using-Restricted-Groups.html.   The instructions are simple:

Right click Restricted Groups and select Add Group
Call it Administrators
Select every account you want to have administration rights (both local and domain accounts).

This will wipe out the Administrators group on all the computers you apply it to and make the accounts in your list the only administrators.  Remember to TEST any GPO on a few systems before deploying to your entire network.

0
 
LVL 11

Author Comment

by:bsharath
ID: 19586116
I just want to find who all have removed.Is there a way to find this.
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
LVL 19

Expert Comment

by:weellio
ID: 19586480
here is a script that will tell you all who does have it..


strreadfile = "c:\computers.txt" 'the file with the list of computernames. one per line
strwritefile = "C:\results.txt" ' the results file  = computername tabdelimited  yes/no

Set fso = CreateObject("Scripting.FileSystemObject")
Set fsoReadComputerList = fso.OpenTextFile(strreadfile, 1, TristateFalse)
aryComputers = Split(fsoReadComputerList.ReadAll, vbCrLf)
fsoReadComputerList.Close

Set objoutputFile = fso.CreateTextFile(strwritefile, True)

For Each strComputer In aryComputers
      
      Set colGroups = GetObject("WinNT://" & strComputer & "")
      colGroups.Filter = Array("group")
      For Each objGroup In colGroups
            For Each objUser in objGroup.Members
                  If lcase(Right(objUser.Name,13)) = lcase("Domain Admins") then
                  objoutputFile.writeline strcomputer
                  else
                  End If
            Next
      Next
next
0
 
LVL 11

Author Comment

by:bsharath
ID: 19587261
Will the script tell me who have domain admin's or do not have.
I want to know who do not have domain admin.
0
 
LVL 2

Expert Comment

by:PKundtz
ID: 19587428
Maybe I don't understand your question.  Do you want to know who has or doesn't have domain admin rights?  Are you a domain admin on your network?

0
 
LVL 19

Expert Comment

by:weellio
ID: 19587480
the script can be run from your main desktop
the script will parse through the systems in the computers.txt and give you all the computers that DO have Domain admin in the local group
..
i can try to setup a compare script to remove the ones that do have it from the main script.

but i am guessing that if the systems don't have domain admin in their group, then you won't be able to connect to them.


my original script at the top can be run within the login script and would possibly be more beneficial.
0
 
LVL 11

Author Comment

by:bsharath
ID: 19587520
I am a domain admin.
Ok then is it possible to remove all machines in the file which has domain admin and leave only the machines which dont have domain admins
0
 
LVL 19

Expert Comment

by:weellio
ID: 19588329
strreadfile = "c:\computers.txt" 'the file with the list of computernames. one per line
strwritefile = "C:\DA_yes.txt" ' With Domain Admin
strwritefile2 = "C:\not_DA_yes.txt" ' Not with Domain admin (or couldn't connect to)
on error resume next
Set fso = CreateObject("Scripting.FileSystemObject")
Set fsoReadComputerList = fso.OpenTextFile(strreadfile, 1, TristateFalse)
aryComputers = Split(fsoReadComputerList.ReadAll, vbCrLf)
fsoReadComputerList.Close

Set objoutputFile = fso.CreateTextFile(strwritefile, True)

For Each strComputer In aryComputers
     
      Set colGroups = GetObject("WinNT://" & strComputer & "")
      colGroups.Filter = Array("group")
      For Each objGroup In colGroups
            For Each objUser in objGroup.Members
                  If lcase(Right(objUser.Name,13)) = lcase("Domain Admins") then
                  objoutputFile.writeline strcomputer
                  else
                  End If
            Next
      Next
next
objoutputFile.close

' borrowed from one of sirbounty's posts
Dim objFSO: Set objFSO = CreateObject("Scripting.FileSystemObject")
Dim File1: Set File1 = objFSO.OpenTextFile(strreadfile)
file2 = objFSO.OpenTextFile(strwritefile).ReadAll
Dim objOutput: Set objOutput = objFSO.CreateTextFile(strwritefile2)

Do While Not File1.AtEndOfStream
  strRead = File1.ReadLine
  If InStr(file2, strRead) = 0 Then objOutput.WriteLine strRead
Loop

File1.Close

File1 = objFSO.OpenTextFile(strreadfile).ReadAll
Set file2 = objFSO.OpenTextFile(strwritefile)

Do While Not file2.AtEndOfStream
  strRead = file2.ReadLine
  If InStr(File1, strRead) = 0 Then objOutput.WriteLine strRead
Loop

objOutput.Close
file2.Close

Set objOutput = Nothing
Set file2 = Nothing
Set File1 = Nothing
Set objFSO = Nothing
0
 
LVL 11

Author Comment

by:bsharath
ID: 19589963
I get each name 2 times in the results txt file.

LEUKES
LEUKES
LEUKINT
LEUKINT
DEV-CHEN-SRV05
DEV-CHEN-SRV05
0
 
LVL 19

Expert Comment

by:weellio
ID: 19589996
in the latest script there is no results.txt file
0
 
LVL 11

Author Comment

by:bsharath
ID: 19589999
What i meant to say is this file.

DA_yes.txt
I have some names coming 2 to 3 times repeated.
0
 
LVL 19

Expert Comment

by:weellio
ID: 19590039
what shows up in the DA_not yes?
0
 
LVL 11

Author Comment

by:bsharath
ID: 19590052
Shows the computernames.All are repeated 2 or 3 times.
0
 
LVL 19

Expert Comment

by:weellio
ID: 19590080
let me explain the logic of the script for a moment the code snippits will have >>> in front of them

>>> For Each strComputer In aryComputers

straight forward. for each computer in the array do the following stuff. the array of computers is pulled from the text file

>>>      Set colGroups = GetObject("WinNT://" & strComputer & "")

set colgroups to equal all the local groups in the computer that we are looking at

>>>      colGroups.Filter = Array("group")

filter the groups into an array, so we can parse through it.

>>>      For Each objGroup In colGroups

now for each object in the array of groups do the following

>>>            For Each objUser in objGroup.Members

parse through each member of the particular group we are looking through

>>>                  If lcase(Right(objUser.Name,13)) = lcase("Domain Admins") then

if
lcase which means lowercase
right(variable, 13) means to count 13 charactors starting from the right side
objuser.name is the name of the account that is a member of the group
all of that equals
lcase("domain admins")
then do the following

>>>                  objoutputFile.writeline strcomputer

write a line to the output file.


this is where it will list it a few times,... some assumptions could be that you  have a rtust to many different domains and therefore the domain admin name will be in the cmoputer many times.
domain1\domain admins
domain2\domain admins
domain3\domain admins

looks at the actuall local groups to determine if this is true
0
 
LVL 19

Expert Comment

by:weellio
ID: 19590104
just put 3 names in the computer list  and run this script

let me see the allresults.txt

strreadfile = "c:\computers.txt" 'the file with the list of computernames. one per line
strwritefile = "c:\allresults.txt"
'on error resume next
strresults = "" 
Set fso = CreateObject("Scripting.FileSystemObject")
Set fsoReadComputerList = fso.OpenTextFile(strreadfile, 1, TristateFalse)
aryComputers = Split(fsoReadComputerList.ReadAll, vbCrLf)
fsoReadComputerList.Close
Set objoutputFile = fso.CreateTextFile(strwritefile, True)
For Each strComputer In aryComputers
      Set colGroups = GetObject("WinNT://" & strComputer & "")
      colGroups.Filter = Array("group")
      For Each objGroup In colGroups
            For Each objUser in objGroup.Members
                        strresults = strresults & strcomputer & " : " & objgroup.name & " : " & objuser.name & vbcrlf
            Next
      Next
wscript.echo strresults
objoutputFile.writeline strresults
strresults = "" 
next
objoutputFile.close
0
 
LVL 19

Expert Comment

by:weellio
ID: 19590112
the results are in the forms of

computername : groupname : Name of the group member
0
 
LVL 19

Accepted Solution

by:
weellio earned 2000 total points
ID: 19590142
i added two more lines to look only in the "administrators" group.. maybe this will reduce the duplicates






strreadfile = "c:\computers.txt" 'the file with the list of computernames. one per line
strwritefile = "C:\DA_yes.txt" ' With Domain Admin
strwritefile2 = "C:\not_DA_yes.txt" ' Not with Domain admin (or couldn't connect to)
on error resume next
Set fso = CreateObject("Scripting.FileSystemObject")
Set fsoReadComputerList = fso.OpenTextFile(strreadfile, 1, TristateFalse)
aryComputers = Split(fsoReadComputerList.ReadAll, vbCrLf)
fsoReadComputerList.Close
Set objoutputFile = fso.CreateTextFile(strwritefile, True)
For Each strComputer In aryComputers
      Set colGroups = GetObject("WinNT://" & strComputer & "")
      colGroups.Filter = Array("group")
      For Each objGroup In colGroups
            If objgroup.name = "Administrators" then
                        For Each objUser in objGroup.Members
                                If lcase(Right(objUser.Name,13)) = lcase("Domain Admins") then
                                objoutputFile.writeline strcomputer
                                else
                                End If
                        Next
                  else
                  End if
      Next
next
objoutputFile.close

' borrowed from one of sirbounty's posts
Dim objFSO: Set objFSO = CreateObject("Scripting.FileSystemObject")
Dim File1: Set File1 = objFSO.OpenTextFile(strreadfile)
file2 = objFSO.OpenTextFile(strwritefile).ReadAll
Dim objOutput: Set objOutput = objFSO.CreateTextFile(strwritefile2)
Do While Not File1.AtEndOfStream
  strRead = File1.ReadLine
  If InStr(file2, strRead) = 0 Then objOutput.WriteLine strRead
Loop
File1.Close
File1 = objFSO.OpenTextFile(strreadfile).ReadAll
Set file2 = objFSO.OpenTextFile(strwritefile)
Do While Not file2.AtEndOfStream
  strRead = file2.ReadLine
  If InStr(File1, strRead) = 0 Then objOutput.WriteLine strRead
Loop
objOutput.Close
file2.Close
Set objOutput = Nothing
Set file2 = Nothing
Set File1 = Nothing
Set objFSO = Nothing
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Welcome to my series of short tips on migrations. Whilst based on Microsoft migrations the same principles can be applied to any type of migration. My first tip Migration Tip #1 – Source Server Health can be found listed in my profile here: http:…
INTRODUCTION The purpose of this document is to demonstrate the Installation and configuration of the Data Protection Manager product. Note that this demonstration was prepared on the basis of Windows OS is 2008 R2 and DPM 2010. DATA PROTECTI…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Suggested Courses

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question