Solved

Query servers to get local administrators

Posted on 2013-01-14
1
807 Views
Last Modified: 2013-01-15
I have a PS script to query my servers. It works fine and returns back information but I'm wanting to know if there's additional information I can get. I really would like to see when each account or group was added to the local administrators group on each server (and by who) if possible. The date each account was added would also be great. I'm not sure if any of these are possible but I'm hoping that some or all is. Here's the script I'm using:

$servers= get-content 'servers.csv'
$output = 'AuditResults.csv' 
$results = @()
foreach($server in $servers)
{
$admins = @()
$group = [ADSI]"WinNT://$server/Administrators" 
$members = @($group.psbase.Invoke("Members"))
$members | foreach {
$obj = new-object psobject -Property @{
 Server = $Server
 Admin = $_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)
 ADSPath = $_.GetType().InvokeMember('ADSPath', 'GetProperty', $Null, $_, $Null) -replace ('WinNT://', '') -replace('/', '\')
 Class = $_.GetType().InvokeMember('class', 'GetProperty', $Null, $_, $Null)
 }
 $admins += $obj
 } 
$results += $admins
}
$results| Export-csv $Output -NoTypeInformation

Open in new window


Thanks in advance!!!
Todd
0
Comment
Question by:Zilla01
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 40

Accepted Solution

by:
Subsun earned 500 total points
ID: 38777428
There is no attribute in object to tell you who added a user to local admin group and when, you need to check the audit logs to find the same.. You need to query event logs to find out whether there are users are added to local administrators group or removed from local administrators groups. Since the events are created at the time of group modification there are chances of the logs getting overwritten..
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
A recent project that involved parsing Tableau Desktop and Server log files to extract reusable user queries for use in other systems. I chose to use PowerShell to gather the data, and SharePoint to present it...
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question