Solved

Query servers to get local administrators

Posted on 2013-01-14
1
800 Views
Last Modified: 2013-01-15
I have a PS script to query my servers. It works fine and returns back information but I'm wanting to know if there's additional information I can get. I really would like to see when each account or group was added to the local administrators group on each server (and by who) if possible. The date each account was added would also be great. I'm not sure if any of these are possible but I'm hoping that some or all is. Here's the script I'm using:

$servers= get-content 'servers.csv'
$output = 'AuditResults.csv' 
$results = @()
foreach($server in $servers)
{
$admins = @()
$group = [ADSI]"WinNT://$server/Administrators" 
$members = @($group.psbase.Invoke("Members"))
$members | foreach {
$obj = new-object psobject -Property @{
 Server = $Server
 Admin = $_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)
 ADSPath = $_.GetType().InvokeMember('ADSPath', 'GetProperty', $Null, $_, $Null) -replace ('WinNT://', '') -replace('/', '\')
 Class = $_.GetType().InvokeMember('class', 'GetProperty', $Null, $_, $Null)
 }
 $admins += $obj
 } 
$results += $admins
}
$results| Export-csv $Output -NoTypeInformation

Open in new window


Thanks in advance!!!
Todd
0
Comment
Question by:Zilla01
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 40

Accepted Solution

by:
Subsun earned 500 total points
ID: 38777428
There is no attribute in object to tell you who added a user to local admin group and when, you need to check the audit logs to find the same.. You need to query event logs to find out whether there are users are added to local administrators group or removed from local administrators groups. Since the events are created at the time of group modification there are chances of the logs getting overwritten..
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

The Nano Server Image Builder helps you create a custom Nano Server image and bootable USB media with the aid of a graphical interface. Based on the inputs you provide, it generates images for deployment and creates reusable PowerShell scripts that …
Recently we ran in to an issue while running some SQL jobs where we were trying to process the cubes.  We got an error saying failure stating 'NT SERVICE\SQLSERVERAGENT does not have access to Analysis Services. So this is a way to automate that wit…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question