Solved

Query servers to get local administrators

Posted on 2013-01-14
1
783 Views
Last Modified: 2013-01-15
I have a PS script to query my servers. It works fine and returns back information but I'm wanting to know if there's additional information I can get. I really would like to see when each account or group was added to the local administrators group on each server (and by who) if possible. The date each account was added would also be great. I'm not sure if any of these are possible but I'm hoping that some or all is. Here's the script I'm using:

$servers= get-content 'servers.csv'
$output = 'AuditResults.csv' 
$results = @()
foreach($server in $servers)
{
$admins = @()
$group = [ADSI]"WinNT://$server/Administrators" 
$members = @($group.psbase.Invoke("Members"))
$members | foreach {
$obj = new-object psobject -Property @{
 Server = $Server
 Admin = $_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)
 ADSPath = $_.GetType().InvokeMember('ADSPath', 'GetProperty', $Null, $_, $Null) -replace ('WinNT://', '') -replace('/', '\')
 Class = $_.GetType().InvokeMember('class', 'GetProperty', $Null, $_, $Null)
 }
 $admins += $obj
 } 
$results += $admins
}
$results| Export-csv $Output -NoTypeInformation

Open in new window


Thanks in advance!!!
Todd
0
Comment
Question by:Zilla01
1 Comment
 
LVL 40

Accepted Solution

by:
Subsun earned 500 total points
ID: 38777428
There is no attribute in object to tell you who added a user to local admin group and when, you need to check the audit logs to find the same.. You need to query event logs to find out whether there are users are added to local administrators group or removed from local administrators groups. Since the events are created at the time of group modification there are chances of the logs getting overwritten..
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will help you understand what HashTables are and how to use them in PowerShell.
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question