• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 823
  • Last Modified:

Query servers to get local administrators

I have a PS script to query my servers. It works fine and returns back information but I'm wanting to know if there's additional information I can get. I really would like to see when each account or group was added to the local administrators group on each server (and by who) if possible. The date each account was added would also be great. I'm not sure if any of these are possible but I'm hoping that some or all is. Here's the script I'm using:

$servers= get-content 'servers.csv'
$output = 'AuditResults.csv' 
$results = @()
foreach($server in $servers)
{
$admins = @()
$group = [ADSI]"WinNT://$server/Administrators" 
$members = @($group.psbase.Invoke("Members"))
$members | foreach {
$obj = new-object psobject -Property @{
 Server = $Server
 Admin = $_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)
 ADSPath = $_.GetType().InvokeMember('ADSPath', 'GetProperty', $Null, $_, $Null) -replace ('WinNT://', '') -replace('/', '\')
 Class = $_.GetType().InvokeMember('class', 'GetProperty', $Null, $_, $Null)
 }
 $admins += $obj
 } 
$results += $admins
}
$results| Export-csv $Output -NoTypeInformation

Open in new window


Thanks in advance!!!
Todd
0
Zilla01
Asked:
Zilla01
1 Solution
 
SubsunCommented:
There is no attribute in object to tell you who added a user to local admin group and when, you need to check the audit logs to find the same.. You need to query event logs to find out whether there are users are added to local administrators group or removed from local administrators groups. Since the events are created at the time of group modification there are chances of the logs getting overwritten..
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Microsoft Exchange Server

The MCTS: Microsoft Exchange Server 2010 certification validates your skills in supporting the maintenance and administration of the Exchange servers in an enterprise environment. Learn everything you need to know with this course.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now