Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Query all machines in a Domain for Local Group Membership

Posted on 2011-02-18
9
Medium Priority
?
1,102 Views
Last Modified: 2012-05-11
Can someone help please. I have been asked to create a list of all users with RDP and Local Admin access by machine in our Domain.

I would like to run this as an LDAP query. Our OU system is pretty well organised. So I could run this against an OU rather than the entire Domain if that is easier to code.
The results need to be in the format:

Machine Name - Local Group Name - Username

Many Thanks

0
Comment
Question by:mikevr6
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
9 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 34926543
There is no LDAP query you can use to give the local group memberships on servers and workstations.  That info is not stored in AD.

You would need some sort of script like in this question  

http://www.experts-exchange.com/Programming/System/Windows__Programming/Q_24405443.html

Thanks

Mike
0
 

Author Comment

by:mikevr6
ID: 34926696
Thanks Mike.

I found some code which is suitable in that thread. It will read in the Computer names by OU and query the Local Administrators Group. I have also created a second Script that will read the Remote Desktop Users membership. I would like to combine these into one and crucially, not quit when it cannot connect to a computer.

Const ADS_SCOPE_ONELEVEL = 1
 
Set oConn = CreateObject("ADODB.Connection")
Set oCommand = CreateObject("ADODB.Command")
oConn.Provider = "ADsDSOObject"
oConn.Open "Active Directory Provider"
Set oCommand.ActiveConnection = oConn
 
oCommand.Properties("Page Size") = 1000
oCommand.Properties("Searchscope") = ADS_SCOPE_ONELEVEL
 
sOU = "'LDAP://ou=Servers,dc=test,dc=example,dc=com'"
 
oCommand.CommandText = "SELECT Name, ADsPath FROM " & sOU & _
" WHERE objectCategory ='computer'"
Set oRecordSet = oCommand.Execute
oRecordSet.MoveFirst
Do Until oRecordSet.EOF
WScript.Echo "List of member of local Administrators group for " & oRecordSet.Fields("Name").Value
Set oLocalAdmins = GetObject("WinNT://" & oRecordSet.Fields("Name").Value & "/Administrators")
For Each oLocalAdmin in oLocalAdmins.Members
WScript.Echo oLocalAdmin.Name
Next
oRecordSet.MoveNext
Loop
0
 

Author Comment

by:mikevr6
ID: 34941614
A quick 500 points for someone who can add the "Remote Desktop Users" group to the output and stop the script quitting when it can't contact a machine.
0
Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

 
LVL 65

Expert Comment

by:RobSampson
ID: 34947646
Hi there, see if this works for you.

Regards,

Rob.
arrGroups = Array("Administrators", "Remote Desktop Users")
strOutput = "GroupMembers.csv"

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objOutput = objFSO.CreateTextFile(strOutput, True)
objOutput.WriteLine """COMPUTER"",""GROUP NAME"",""MEMBER NAME"""

Const ADS_SCOPE_ONELEVEL = 1 
 
Set oConn = CreateObject("ADODB.Connection") 
Set oCommand = CreateObject("ADODB.Command") 
oConn.Provider = "ADsDSOObject" 
oConn.Open "Active Directory Provider" 
Set oCommand.ActiveConnection = oConn 
 
oCommand.Properties("Page Size") = 1000 
oCommand.Properties("Searchscope") = ADS_SCOPE_ONELEVEL 
 
sOU = "'LDAP://ou=Servers,dc=test,dc=example,dc=com'"
 
For Each strGroup In arrGroups
	oCommand.CommandText = "SELECT Name, ADsPath FROM " & sOU & " WHERE objectCategory ='computer'" 
	Set oRecordSet = oCommand.Execute
	oRecordSet.MoveFirst
	Do Until oRecordSet.EOF
		'WScript.Echo "List of member of local Administrators group for " & oRecordSet.Fields("Name").Value 
		Set oLocalAdmins = GetObject("WinNT://" & oRecordSet.Fields("Name").Value & "/" & strGroup) 
		For Each oLocalAdmin in oLocalAdmins.Members 
			objOutput.WriteLine """" & oRecordSet.Fields("Name").Value & """,""" & strGroup & """,""" & oLocalAdmin.Name
		Next 
		oRecordSet.MoveNext
	Loop
Next
objOutput.Close

MsgBox "Done. Please see " & strOutput

Open in new window

0
 

Author Comment

by:mikevr6
ID: 34950210
Hi Rob,

Thanks very much. This is checking the Admin and RDP users fine.
However, when I run it against our test OU, which contains 3 servers, it stops after checking the first server.
Can you also change the formatting of the report, so it uses the Group Name and Member name columns correctly? We're nearly there :)
I've attached the output of my test.
Many Thanks GroupMembers.csv
0
 
LVL 65

Accepted Solution

by:
RobSampson earned 2000 total points
ID: 34957379
Hi, try this. It should work much better.

Regards,

Rob.
arrGroups = Array("Administrators", "Remote Desktop Users")
strOutput = "GroupMembers.csv"

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objOutput = objFSO.CreateTextFile(strOutput, True)
objOutput.WriteLine """COMPUTER"",""GROUP NAME"",""MEMBER NAME"""

Const ADS_SCOPE_ONELEVEL = 1 
 
Set oConn = CreateObject("ADODB.Connection") 
Set oCommand = CreateObject("ADODB.Command") 
oConn.Provider = "ADsDSOObject" 
oConn.Open "Active Directory Provider" 
Set oCommand.ActiveConnection = oConn 
 
oCommand.Properties("Page Size") = 1000 
oCommand.Properties("Searchscope") = ADS_SCOPE_ONELEVEL 
 
sOU = "'LDAP://ou=Servers,dc=test,dc=example,dc=com'"

oCommand.CommandText = "SELECT Name, ADsPath FROM " & sOU & " WHERE objectCategory ='computer'" 
Set oRecordSet = oCommand.Execute
oRecordSet.MoveFirst
Do Until oRecordSet.EOF
	strComputer = oRecordSet.Fields("Name").Value
	If Ping(strComputer) = True Then
		For Each strGroup In arrGroups
			'WScript.Echo "List of member of local Administrators group for " & strComputer
			On Error Resume Next
			Set oLocalAdmins = GetObject("WinNT://" & strComputer & "/" & strGroup) 
			If Err.Number = 0 Then
				On Error GoTo 0
				For Each oLocalAdmin in oLocalAdmins.Members 
					objOutput.WriteLine """" & strComputer & """,""" & strGroup & """,""" & oLocalAdmin.Name & """"
				Next
			Else
				objOutput.WriteLine """" & strComputer & """,""" & strGroup & """,""Error " & Err.Number & ": " & Err.Description & """"
				Err.Clear
				On Error GoTo 0
			End If
		Next
	Else
		objOutput.WriteLine """" & strComputer & """,""" & strGroup & """,""OFFLINE"""
	End If
	oRecordSet.MoveNext
Loop
objOutput.Close

MsgBox "Done. Please see " & strOutput

Function Ping(strComputer)
	Dim objShell, boolCode
	Set objShell = CreateObject("WScript.Shell")
	boolCode = objShell.Run("Ping -n 1 -w 300 " & strComputer, 0, True)
	If boolCode = 0 Then
		Ping = True
	Else
		Ping = False
	End If
End Function

Open in new window

0
 

Author Closing Comment

by:mikevr6
ID: 34958933
Fantastic! Thanks for your efforts Mike and especially Rob! Genius!!
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 34958981
No worries. Thanks for the grade.

Regards,

Rob.
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Let's recap what we learned from yesterday's Skyport Systems webinar.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question