Solved

Report If Backup_Administrators Exist in Local Admins

Posted on 2011-03-18
3
289 Views
Last Modified: 2012-05-11
I'm querying from a list of servers to report on whether or not the Backup_Administrator group exists within the Local Administrators group.

I'm also pulling the OU location of the server in ADUC, as well as the Last Logon Date. These are working fine, but BackUp_Admin check is always coming up false, even when it exists.
'Option Explicit

Dim strSourceFile, objExcel, objWorkbook, IntRow
Dim strMachine, strDomain, strBUAdmin
Dim objConnection, objCommand, objRecordSet
Dim strCategory, strTarget, strFilter
Dim strLocation, objMachine, objMemberOf, strResult, strOU, i, strOrgUnit
Dim arrRealAdmins, adminGroup, groupMember, ret


' Reference Section
strSourceFile = "C$\Server_input.xls"

Set objExcel = CreateObject("Excel.Application")
Set objWorkbook = objExcel.Workbooks.Open(strSourceFile)
IntRow = 1
strDomain = "dc=domain,dc=com"

Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"
Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection


' Worker Section
Do Until objExcel.Cells(IntRow, 1).Value = ""
arrRealAdmins = Array("Backup_Administrators")
strMachine = objExcel.Cells(IntRow, 1).Value
WScript.Echo "Querying " & strMachine
strCategory = "(objectCategory=Computer)"
strTarget = "(cn=" & strMachine & ")"
strFilter = strCategory & strTarget

objCommand.CommandText = "<GC://" & strDomain & ">;(&" & strFilter & ")" & ";LastLogonTimeStamp,DistinguishedName;subtree"
Set objRecordSet = objCommand.Execute

While Not objRecordSet.EOF
 
  strLocation = objRecordSet.Fields("DistinguishedName")
  strOU = Split(strLocation,",")
  
    For i = LBound(strOU) To UBound(strOU)
      If InStr(strOU(i), "_") > 0 Then
        strOrgUnit = mid(strOU(i), 4)
      Else
      End If
    Next
  
  Set objMachine = GetObject("LDAP://" & strLocation )'  
    
  strDate = objRecordSet.Fields("LastLogonTimeStamp")
  Set lngDate = strDate
  strDate = #1/1/1601#
  
  If (lngDate.HighPart = 0) And (lngDate.LowPart = 0 ) Then
    strDate = #1/1/1601#
  Else
    strDate = #1/1/1601# + (((lngDate.HighPart * (2 ^ 32)) + lngDate.LowPart)/600000000)/1440
  End If
  strDateOnly = Split(strDate," ")
   
  Call IsBUAdminPresent(strBUAdmin,MemberName)
     
  ' Output Section within loop
  'WScript.Echo objMachine.Name
	  If strBUAdmin = True Then
	  	  objExcel.Cells(IntRow, 2).Value = "Yes"
	      objExcel.Cells(IntRow, 3).Value = strDateOnly 
		  objExcel.Cells(IntRow, 4).Value = objRecordSet.Fields("DistinguishedName")
	  ElseIf strBUAdmin = False Then
	  	  objExcel.Cells(IntRow, 2).Value = "No"
	      objExcel.Cells(IntRow, 3).Value = strDateOnly 
		  objExcel.Cells(IntRow, 4).Value = objRecordSet.Fields("DistinguishedName")
	  End If
  objRecordSet.MoveNext
  
Wend

IntRow = IntRow + 1

Loop

Function IsBUAdminPresent(strBUAdmin, MemberName)
	dim i
	for i = lbound(arrRealAdmins) to ubound(arrRealAdmins)
		if ucase(MemberName) = ucase(arrRealAdmins(i)) then
			strBUAdmin = True
			exit Function
		end If
	Next
	strBUAdmin = False
end Function

objConnection.Close
objExcel.Quit

Open in new window

0
Comment
Question by:JB4375
3 Comments
 
LVL 12

Accepted Solution

by:
prashanthd earned 500 total points
Comment Utility
Hi,

The code for checking the group was missing.

Try the following code

regards
Prashanth
'Option Explicit
On Error Resume Next

Dim strSourceFile, objExcel, objWorkbook, IntRow
Dim strMachine, strDomain, strBUAdmin
Dim objConnection, objCommand, objRecordSet
Dim strCategory, strTarget, strFilter
Dim strLocation, objMachine, objMemberOf, strResult, strOU, i, strOrgUnit
Dim arrRealAdmins, adminGroup, groupMember, ret


' Reference Section
strSourceFile = "C$\Server_input.xls"

Set objExcel = CreateObject("Excel.Application")
Set objWorkbook = objExcel.Workbooks.Open(strSourceFile)
IntRow = 1
strDomain = "dc=domain,dc=com"

Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"
Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection


' Worker Section
Do Until objExcel.Cells(IntRow, 1).Value = ""
    arrRealAdmins = "Backup_Administrators"
    strMachine = objExcel.Cells(IntRow, 1).Value
    
    WScript.Echo "Querying " & strMachine
    strCategory = "(objectCategory=Computer)"
    strTarget = "(cn=" & strMachine & ")"
    strFilter = strCategory & strTarget
    
    objCommand.CommandText = "<GC://" & strDomain & ">;(&" & strFilter & ")" & ";LastLogonTimeStamp,DistinguishedName;subtree"
    Set objRecordSet = objCommand.Execute
    
    While Not objRecordSet.EOF
        
        strLocation = objRecordSet.Fields("DistinguishedName")
        strOU = Split(strLocation,",")
        
        For i = LBound(strOU) To UBound(strOU)
            If InStr(strOU(i), "_") > 0 Then
                strOrgUnit = Mid(strOU(i), 4)
            Else
            End If
        Next
        
        Set objMachine = GetObject("LDAP://" & strLocation )'  
        
        strDate = objRecordSet.Fields("LastLogonTimeStamp")
        Set lngDate = strDate
        strDate = #1/1/1601#
        
        If (lngDate.HighPart = 0) And (lngDate.LowPart = 0 ) Then
            strDate = #1/1/1601#
        Else
            strDate = #1/1/1601# + (((lngDate.HighPart * (2 ^ 32)) + lngDate.LowPart)/600000000)/1440
        End If
        strDateOnly = Split(strDate," ")
        
        'Check for backup admin 
        strBUAdmin = False
        Set objGroup = GetObject("WinNT://" & strMachine & "/Administrators,group")
        
        For Each mem In objGroup.Members
            WScript.echo strMachine & " - " & mem.name
            If StrComp(LCase(mem.name),LCase(arrRealAdmins)) Then
                strBUAdmin = True
                Exit For
            End If            
        Next
        
        ' Output Section within loop
        'WScript.Echo objMachine.Name
        If strBUAdmin = True Then
            objExcel.Cells(IntRow, 2).Value = "Yes"
            objExcel.Cells(IntRow, 3).Value = strDateOnly 
            objExcel.Cells(IntRow, 4).Value = objRecordSet.Fields("DistinguishedName")
        ElseIf strBUAdmin = False Then
            objExcel.Cells(IntRow, 2).Value = "No"
            objExcel.Cells(IntRow, 3).Value = strDateOnly 
            objExcel.Cells(IntRow, 4).Value = objRecordSet.Fields("DistinguishedName")
        End If
        objRecordSet.MoveNext
        
    Wend
    
    IntRow = IntRow + 1
    
Loop

objConnection.Close
objExcel.Quit

Open in new window

0
 
LVL 15

Expert Comment

by:markdmac
Comment Utility
Another way to check it:
Dim strFindName: strFindName = "Backup_Administrator"
Dim strTarget: strTarget = "."

WScript.Echo CheckAdmin(strTarget, strFindName)


Function CheckAdmin(strComputer, strAdmin)
	Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators,group")
	BackupPresent = False	
	If Err.Number = 0 Then
		For Each objUser In objGroup.Members
	        If UCase(objUser.Name) = UCase(strAdmin) Then
	        	BackupPresent = True
	        End If
	   	Next
	End If
	CheckAdmin = BackupPresent
End Function

Open in new window

0
 
LVL 1

Author Closing Comment

by:JB4375
Comment Utility
Prashanthd,
That worked perfectly!!
Thanks,
JB
0

Featured Post

What Is Threat Intelligence?

Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

Join & Write a Comment

This is an addendum to the following article: Acitve Directory based Outlook Signature (http://www.experts-exchange.com/Programming/Languages/Visual_Basic/VB_Script/Q_24950055.html) The script is fine, and works in normal client-server domains…
When it comes to writing scripts for a Client/Server computing environment it is essential to consider some way of enabling the authentication functionality within a script. This sort of consideration mainly comes into the picture when we are dealin…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now