Solved

Query all machines in a Domain for Local Group Membership

Posted on 2011-02-18
9
1,090 Views
Last Modified: 2012-05-11
Can someone help please. I have been asked to create a list of all users with RDP and Local Admin access by machine in our Domain.

I would like to run this as an LDAP query. Our OU system is pretty well organised. So I could run this against an OU rather than the entire Domain if that is easier to code.
The results need to be in the format:

Machine Name - Local Group Name - Username

Many Thanks

0
Comment
Question by:mikevr6
  • 4
  • 3
9 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 34926543
There is no LDAP query you can use to give the local group memberships on servers and workstations.  That info is not stored in AD.

You would need some sort of script like in this question  

http://www.experts-exchange.com/Programming/System/Windows__Programming/Q_24405443.html

Thanks

Mike
0
 

Author Comment

by:mikevr6
ID: 34926696
Thanks Mike.

I found some code which is suitable in that thread. It will read in the Computer names by OU and query the Local Administrators Group. I have also created a second Script that will read the Remote Desktop Users membership. I would like to combine these into one and crucially, not quit when it cannot connect to a computer.

Const ADS_SCOPE_ONELEVEL = 1
 
Set oConn = CreateObject("ADODB.Connection")
Set oCommand = CreateObject("ADODB.Command")
oConn.Provider = "ADsDSOObject"
oConn.Open "Active Directory Provider"
Set oCommand.ActiveConnection = oConn
 
oCommand.Properties("Page Size") = 1000
oCommand.Properties("Searchscope") = ADS_SCOPE_ONELEVEL
 
sOU = "'LDAP://ou=Servers,dc=test,dc=example,dc=com'"
 
oCommand.CommandText = "SELECT Name, ADsPath FROM " & sOU & _
" WHERE objectCategory ='computer'"
Set oRecordSet = oCommand.Execute
oRecordSet.MoveFirst
Do Until oRecordSet.EOF
WScript.Echo "List of member of local Administrators group for " & oRecordSet.Fields("Name").Value
Set oLocalAdmins = GetObject("WinNT://" & oRecordSet.Fields("Name").Value & "/Administrators")
For Each oLocalAdmin in oLocalAdmins.Members
WScript.Echo oLocalAdmin.Name
Next
oRecordSet.MoveNext
Loop
0
 

Author Comment

by:mikevr6
ID: 34941614
A quick 500 points for someone who can add the "Remote Desktop Users" group to the output and stop the script quitting when it can't contact a machine.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 65

Expert Comment

by:RobSampson
ID: 34947646
Hi there, see if this works for you.

Regards,

Rob.
arrGroups = Array("Administrators", "Remote Desktop Users")
strOutput = "GroupMembers.csv"

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objOutput = objFSO.CreateTextFile(strOutput, True)
objOutput.WriteLine """COMPUTER"",""GROUP NAME"",""MEMBER NAME"""

Const ADS_SCOPE_ONELEVEL = 1 
 
Set oConn = CreateObject("ADODB.Connection") 
Set oCommand = CreateObject("ADODB.Command") 
oConn.Provider = "ADsDSOObject" 
oConn.Open "Active Directory Provider" 
Set oCommand.ActiveConnection = oConn 
 
oCommand.Properties("Page Size") = 1000 
oCommand.Properties("Searchscope") = ADS_SCOPE_ONELEVEL 
 
sOU = "'LDAP://ou=Servers,dc=test,dc=example,dc=com'"
 
For Each strGroup In arrGroups
	oCommand.CommandText = "SELECT Name, ADsPath FROM " & sOU & " WHERE objectCategory ='computer'" 
	Set oRecordSet = oCommand.Execute
	oRecordSet.MoveFirst
	Do Until oRecordSet.EOF
		'WScript.Echo "List of member of local Administrators group for " & oRecordSet.Fields("Name").Value 
		Set oLocalAdmins = GetObject("WinNT://" & oRecordSet.Fields("Name").Value & "/" & strGroup) 
		For Each oLocalAdmin in oLocalAdmins.Members 
			objOutput.WriteLine """" & oRecordSet.Fields("Name").Value & """,""" & strGroup & """,""" & oLocalAdmin.Name
		Next 
		oRecordSet.MoveNext
	Loop
Next
objOutput.Close

MsgBox "Done. Please see " & strOutput

Open in new window

0
 

Author Comment

by:mikevr6
ID: 34950210
Hi Rob,

Thanks very much. This is checking the Admin and RDP users fine.
However, when I run it against our test OU, which contains 3 servers, it stops after checking the first server.
Can you also change the formatting of the report, so it uses the Group Name and Member name columns correctly? We're nearly there :)
I've attached the output of my test.
Many Thanks GroupMembers.csv
0
 
LVL 65

Accepted Solution

by:
RobSampson earned 500 total points
ID: 34957379
Hi, try this. It should work much better.

Regards,

Rob.
arrGroups = Array("Administrators", "Remote Desktop Users")
strOutput = "GroupMembers.csv"

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objOutput = objFSO.CreateTextFile(strOutput, True)
objOutput.WriteLine """COMPUTER"",""GROUP NAME"",""MEMBER NAME"""

Const ADS_SCOPE_ONELEVEL = 1 
 
Set oConn = CreateObject("ADODB.Connection") 
Set oCommand = CreateObject("ADODB.Command") 
oConn.Provider = "ADsDSOObject" 
oConn.Open "Active Directory Provider" 
Set oCommand.ActiveConnection = oConn 
 
oCommand.Properties("Page Size") = 1000 
oCommand.Properties("Searchscope") = ADS_SCOPE_ONELEVEL 
 
sOU = "'LDAP://ou=Servers,dc=test,dc=example,dc=com'"

oCommand.CommandText = "SELECT Name, ADsPath FROM " & sOU & " WHERE objectCategory ='computer'" 
Set oRecordSet = oCommand.Execute
oRecordSet.MoveFirst
Do Until oRecordSet.EOF
	strComputer = oRecordSet.Fields("Name").Value
	If Ping(strComputer) = True Then
		For Each strGroup In arrGroups
			'WScript.Echo "List of member of local Administrators group for " & strComputer
			On Error Resume Next
			Set oLocalAdmins = GetObject("WinNT://" & strComputer & "/" & strGroup) 
			If Err.Number = 0 Then
				On Error GoTo 0
				For Each oLocalAdmin in oLocalAdmins.Members 
					objOutput.WriteLine """" & strComputer & """,""" & strGroup & """,""" & oLocalAdmin.Name & """"
				Next
			Else
				objOutput.WriteLine """" & strComputer & """,""" & strGroup & """,""Error " & Err.Number & ": " & Err.Description & """"
				Err.Clear
				On Error GoTo 0
			End If
		Next
	Else
		objOutput.WriteLine """" & strComputer & """,""" & strGroup & """,""OFFLINE"""
	End If
	oRecordSet.MoveNext
Loop
objOutput.Close

MsgBox "Done. Please see " & strOutput

Function Ping(strComputer)
	Dim objShell, boolCode
	Set objShell = CreateObject("WScript.Shell")
	boolCode = objShell.Run("Ping -n 1 -w 300 " & strComputer, 0, True)
	If boolCode = 0 Then
		Ping = True
	Else
		Ping = False
	End If
End Function

Open in new window

0
 

Author Closing Comment

by:mikevr6
ID: 34958933
Fantastic! Thanks for your efforts Mike and especially Rob! Genius!!
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 34958981
No worries. Thanks for the grade.

Regards,

Rob.
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
MS Endpoint Protection 2 25
excel 2016 program to loop through scripts 6 35
excel 2016 program to loop through scripts to apply filename 2 22
Problem to setup GUI 11 33
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

822 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question