?
Solved

List of server admin groups using Powershell

Posted on 2012-08-12
7
Medium Priority
?
645 Views
Last Modified: 2012-11-19
Hi

I have a couple of servers running Windows 2008 Server, they are running various applications for our company.

Within each server there is the Administrator group and also some specific  (local) groups for our company:

ITAdmins
Helpdesk Admins
Vendors

Every week, I would like to run a script that will pull the membership of the local groups on the server. I have an admin server running Powershell 2 and I was thinking of using this.

Please note, the groups I mentioned above aren't Domain Security/Distribution Groups within Active Directory, they are local groups on the servers themselves.

Thanks in advance for any assistance.
0
Comment
Question by:redman20111
  • 4
  • 2
7 Comments
 
LVL 18

Expert Comment

by:x-men
ID: 38286930
$hostnames = get-content c:\hostnames.txt
Foreach ($Hostname in $hostnames) {

([ADSI]"WinNT://$Hostname/ITAdmins,group").psbase.Invoke("Members") |
    % {$_.GetType().InvokeMember("Name",'GetProperty',$null,$_,$null)}

([ADSI]"WinNT://$Hostname/"Helpdesk Admins",group").psbase.Invoke("Members") |
    % {$_.GetType().InvokeMember("Name",'GetProperty',$null,$_,$null)}

([ADSI]"WinNT://$Hostname/Vendors,group").psbase.Invoke("Members") |
    % {$_.GetType().InvokeMember("Name",'GetProperty',$null,$_,$null)}
}
0
 
LVL 18

Accepted Solution

by:
x-men earned 1000 total points
ID: 38287056
The same, including host and group names:


$hostnames = get-content c:\hostnames.txt
foreach ($hostname in $Hostnames) {"$hostname`tITAdmins`t$(([ADSI]"WinNT://$hostname/ITAdmins,group").psbase.Invoke("Members") | % {$_.GetType().InvokeMember("Name",'GetProperty',$null,$_,$null)})
$hostname`t"Helpdesk Admins"`t$(([ADSI]"WinNT://$hostname/"Helpdesk Admins",group").psbase.Invoke("Members") | % {$_.GetType().InvokeMember("Name",'GetProperty',$null,$_,$null)})
$hostname`t Vendors`t$(([ADSI]"WinNT://$hostname/Vendors,group").psbase.Invoke("Members") | % {$_.GetType().InvokeMember("Name",'GetProperty',$null,$_,$null)})
" }
0
 
LVL 52

Assisted Solution

by:Manpreet SIngh Khatra
Manpreet SIngh Khatra earned 1000 total points
ID: 38287140
List Local administrators on a machine using Powershell, ADSI
http://www.iislogs.com/steveschofield/list-local-administrators-on-a-machine-using-powershell-adsi

Here is the VBScript.

Set objGroup = GetObject("WinNT://./Administrators,group")

    For Each objUser In objGroup.Members
        WScript.Echo "Member found: " & objUser.Name
    Next

set objGroup = Nothing

Here is the Powershell syntax.

function LogToFile ([string]$strFileName, [string]$strComputer)
{
 Add-Content $strFileName $strComputer
}

$strComputer = "."
$computer = [ADSI]("WinNT://" + $strComputer + ",computer")
$Group = $computer.psbase.children.find("Administrators")
$members= $Group.psbase.invoke("Members") | %{$_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)}

ForEach($user in $members)

{
Write-Host $user
$a = $strComputer + "!" + $user.ToString()
LogToFile "C:\ss.txt" $a
}

Get Local Administrators with WMI and PowerShell
http://jdhitsolutions.com/blog/2011/07/get-local-administrators-with-wmi-and-powershell/

List-LocalAdmins
http://powershell.com/cs/media/p/1659.aspx

- Rancy
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 

Author Comment

by:redman20111
ID: 38430380
Thanks, but these are local groups (i.e. not Domain Groups), so why are we using ADSI?
0
 
LVL 18

Expert Comment

by:x-men
ID: 38431748
[ADSI] is the adapter, that establishes the connection to "WinNT://..." for local
0
 

Author Comment

by:redman20111
ID: 38607756
Hi x-men thanks for your solution (copied below)...but are you able to explain how it works for me?

$hostnames = get-content c:\hostnames.txt
foreach ($hostname in $Hostnames) {"$hostname`tITAdmins`t$(([ADSI]"WinNT://$hostname/ITAdmins,group").psbase.Invoke("Members") | % {$_.GetType().InvokeMember("Name",'GetProperty',$null,$_,$null)})
$hostname`t"Helpdesk Admins"`t$(([ADSI]"WinNT://$hostname/"Helpdesk Admins",group").psbase.Invoke("Members") | % {$_.GetType().InvokeMember("Name",'GetProperty',$null,$_,$null)})
$hostname`t Vendors`t$(([ADSI]"WinNT://$hostname/Vendors,group").psbase.Invoke("Members") | % {$_.GetType().InvokeMember("Name",'GetProperty',$null,$_,$null)})
" }
0
 
LVL 18

Expert Comment

by:x-men
ID: 38612105
0

Featured Post

Configuration Guide and Best Practices

Read the guide to learn how to orchestrate Data ONTAP, create application-consistent backups and enable fast recovery from NetApp storage snapshots. Version 9.5 also contains performance and scalability enhancements to meet the needs of the largest enterprise environments.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A walk-through example of how to obtain and apply new DID phone numbers to your cloud PBX enabled users that are configured in Office 365. Whether you have 1, 10 or 100+ users in your tenant, it's quite easy to get them phone-enabled and making/rece…
Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question