Solved

VBScript:  Elevated Account Audit

Posted on 2013-05-20
1
327 Views
Last Modified: 2013-06-11
Hello Experts!

     Just curious if anyone has in their script repository a script that will go out and audit AD of all newly created administrator accounts.  I'd need the script to pull how many ADM accounts were created the week prior and as well as which permissions were assigned and what groups they belong to and then produce an output file such as .CSV reporting the findings.  Any help is GREATLY APPRECIATED!

ADM_JDoe
0
Comment
Question by:itsmevic
1 Comment
 
LVL 42

Accepted Solution

by:
sedgwick earned 500 total points
ID: 39183716
function get-localadministrators {
    param ([string]$computername=$env:computername)
	$week = (Get-Date).AddDays(-7)
    $computername = $computername.toupper()
    $ADMINS = get-wmiobject -computername $computername -query "select * from win32_groupuser where GroupComponent=""Win32_Group.Domain='$computername',Name='administrators'""" | % {$_.partcomponent}

    foreach ($ADMIN in $ADMINS) {
                $admin = $admin.replace("\\$computername\root\cimv2:Win32_UserAccount.Domain=","") # trims the results for a user
                $admin = $admin.replace("\\$computername\root\cimv2:Win32_Group.Domain=","") # trims the results for a group
                $admin = $admin.replace('",Name="',"\")
                $admin = $admin.REPLACE("""","")#strips the last "
				$domainadmin = $admin.split("\")[0]
				$username = $admin.split("\")[1]
				$user = Get-ADUser $admin.split("\")[1] -Properties memberOf, whenCreated
				$whenCreated = $user.whenCreated
				
				if($week -ge $whenCreated) {
					$memberOf = $user.memberOf
					$groups = ($memberOf | Get-ADGroup | select -expand name) -join ","
	                $objOutput = New-Object PSObject -Property @{
	                    Machinename = $computername
	                    DomainName  = $domainadmin
	                    UserName = $username
						WhenCreated = $whenCreated
						MemberOf = $groups
	                }#end object
				}
    $objreport+=@($objoutput)
    }#end for

    return $objreport
}#end function

get-localadministrators | Export-Csv c:\temp\1.csv -NoTypeInformation

Open in new window


from http://andrewmorgan.ie/2011/06/10/retrieve-a-list-of-local-administrators-using-powershell/
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
This article is meant to give a basic understanding of how to use R Sweave as a way to merge LaTeX and R code seamlessly into one presentable document.
Learn the basics of while and for loops in Python.  while loops are used for testing while, or until, a condition is met: The structure of a while loop is as follows:     while <condition>:         do something         repeate: The break statement m…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

939 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now