Avatar of AhmedAliShaik
AhmedAliShaik
Flag for India asked on

getlocaladminitrator.ps1 for 100 servers.

function get-localadministrators {
    param ([string]$computername=$env:computername)

    $computername = $computername.toupper()
    $ADMINS = get-wmiobject -computername $computername -query "select * from win32_groupuser where GroupComponent=""Win32_Group.Domain='$computername',Name='administrators'""" | % {$_.partcomponent}

    foreach ($ADMIN in $ADMINS) {
                $admin = $admin.replace("\\$computername\root\cimv2:Win32_UserAccount.Domain=","") # trims the results for a user
                $admin = $admin.replace("\\$computername\root\cimv2:Win32_Group.Domain=","") # trims the results for a group
                $admin = $admin.replace('",Name="',"\")
                $admin = $admin.REPLACE("""CLASS","")#strips the last "

                $objOutput = New-Object PSObject -Property @{
                    Machinename = $computername
                    Fullname = ($admin)
		    DomainName  =$admin.split("\")[0]
                    UserName = $admin.split("\")[1]
                }#end object

    $objreport+=@($objoutput)
    }#end for

    return $objreport
}#end function

get-localadministrators

Open in new window

Hi Team,

I got the shell script from Microsoft site, which is working perfectly to pull the local admin members for 1 server.

I am unable to import a txt or csv file with list of servers and get the output for all the servers in the input file.

Could you help me in finetuning this.

Powershell script:
function get-localadministrators {
    param ([string]$computername=$env:computername)

    $computername = $computername.toupper()
    $ADMINS = get-wmiobject -computername $computername -query "select * from win32_groupuser where GroupComponent=""Win32_Group.Domain='$computername',Name='administrators'""" | % {$_.partcomponent}

    foreach ($ADMIN in $ADMINS) {
                $admin = $admin.replace("\\$computername\root\cimv2:Win32_UserAccount.Domain=","") # trims the results for a user
                $admin = $admin.replace("\\$computername\root\cimv2:Win32_Group.Domain=","") # trims the results for a group
                $admin = $admin.replace('",Name="',"\")
                $admin = $admin.REPLACE("""CLASS","")#strips the last "

                $objOutput = New-Object PSObject -Property @{
                    Machinename = $computername
                    Fullname = ($admin)
		    DomainName  =$admin.split("\")[0]
                    UserName = $admin.split("\")[1]
                }#end object

    $objreport+=@($objoutput)
    }#end for

    return $objreport
}#end function

get-localadministrators

Open in new window

Shell ScriptingWindows Server 2003

Avatar of undefined
Last Comment
AhmedAliShaik

8/22/2022 - Mon
kevinhigg

This should be pretty straightforward.  The function is using the computername environment variable currently, but this version accepts the computername as a param to the function.  Notice the call to get-content, and the pipe to foreach.  This should allow the function to be executed against each item in the Servers.txt file (one computer name, no leading slashes / extra chars per line).  Kind regards.

function get-localadministrators ([string]$computername) {
    $computername = $computername.toupper()
    $ADMINS = get-wmiobject -computername $computername -query "select * from win32_groupuser where GroupComponent=""Win32_Group.Domain='$computername',Name='administrators'""" | % {$_.partcomponent}

    foreach ($ADMIN in $ADMINS) {
                $admin = $admin.replace("\\$computername\root\cimv2:Win32_UserAccount.Domain=","") # trims the results for a user
                $admin = $admin.replace("\\$computername\root\cimv2:Win32_Group.Domain=","") # trims the results for a group
                $admin = $admin.replace('",Name="',"\")
                $admin = $admin.REPLACE("""CLASS","")#strips the last "

                $objOutput = New-Object PSObject -Property @{
                    Machinename = $computername
                    Fullname = ($admin)
		    DomainName  =$admin.split("\")[0]
                    UserName = $admin.split("\")[1]
                }#end object

    $objreport+=@($objoutput)
    }#end for

    return $objreport
}#end function

get-content .\Servers.txt | foreach {
	get-localadministrators $_
}

Open in new window

AhmedAliShaik

ASKER
Hi Kevin,

Excellent & thank you for your quick response.

generally for one computer i am running as below in the shell.

Shell:> get-localadministrators.ps1 -computername "Servername"

But after the get-content i am confused what parameter i have to pass from the shell, tried even without using parameter.

Also my output is in the beloe format
DomainName Fullname MachineName UserName

Can i get output in the below format:
DomainName Fullname MachineName UserName type

Here type should display whether it is a user/group in the output.
ASKER CERTIFIED SOLUTION
kevinhigg

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
AhmedAliShaik

ASKER
Very Good Morning Kevin,

Now its running and getting the desired output.

One concern with regards to our environment is  many local groups are having few old accounts which has been deleted in AD but not in the local groups.
It is showing as an SID with ? symbol.

Can we ignore this because the script is not able to take the input as SID and even unable to find the type as user/group so throwing an error.

Last question:
Can we extend the script and get the group member details in the different output.

I am sorry for reirritating you.
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
kevinhigg

No need for apology and certainly no irritation.  What was it that you had in mind?  I understand about the unresolvable SID's, but not sure what you were looking for in group member details?  The beauty of Powershell (and automation in general) is that most things are possible :)
AhmedAliShaik

ASKER
Hi Kevin,

I will give 1 example .
Server1 has local admin group with 3 users and two groups.
When i run the shell script i will get 5 entities as output ie 3 users names and 2 groups.

Can i get the output as 3 members + all the members in 2 groups.
AhmedAliShaik

ASKER
Thanks Kevin,

I sincerely appreciate your response with the shell script.

Once again Thanks
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.