Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Query servers to get local administrators

Posted on 2013-01-14
1
Medium Priority
?
811 Views
Last Modified: 2013-01-15
I have a PS script to query my servers. It works fine and returns back information but I'm wanting to know if there's additional information I can get. I really would like to see when each account or group was added to the local administrators group on each server (and by who) if possible. The date each account was added would also be great. I'm not sure if any of these are possible but I'm hoping that some or all is. Here's the script I'm using:

$servers= get-content 'servers.csv'
$output = 'AuditResults.csv' 
$results = @()
foreach($server in $servers)
{
$admins = @()
$group = [ADSI]"WinNT://$server/Administrators" 
$members = @($group.psbase.Invoke("Members"))
$members | foreach {
$obj = new-object psobject -Property @{
 Server = $Server
 Admin = $_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)
 ADSPath = $_.GetType().InvokeMember('ADSPath', 'GetProperty', $Null, $_, $Null) -replace ('WinNT://', '') -replace('/', '\')
 Class = $_.GetType().InvokeMember('class', 'GetProperty', $Null, $_, $Null)
 }
 $admins += $obj
 } 
$results += $admins
}
$results| Export-csv $Output -NoTypeInformation

Open in new window


Thanks in advance!!!
Todd
0
Comment
Question by:Zilla01
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 40

Accepted Solution

by:
Subsun earned 1500 total points
ID: 38777428
There is no attribute in object to tell you who added a user to local admin group and when, you need to check the audit logs to find the same.. You need to query event logs to find out whether there are users are added to local administrators group or removed from local administrators groups. Since the events are created at the time of group modification there are chances of the logs getting overwritten..
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

My attempt to use PowerShell and other great resources found online to simplify the deployment of Office 365 ProPlus client components to any workstation that needs it, regardless of existing Office components that may be needing attention.
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question