Solved

VBScript:  Elevated Account Audit

Posted on 2013-05-20
1
335 Views
Last Modified: 2013-06-11
Hello Experts!

     Just curious if anyone has in their script repository a script that will go out and audit AD of all newly created administrator accounts.  I'd need the script to pull how many ADM accounts were created the week prior and as well as which permissions were assigned and what groups they belong to and then produce an output file such as .CSV reporting the findings.  Any help is GREATLY APPRECIATED!

ADM_JDoe
0
Comment
Question by:itsmevic
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 42

Accepted Solution

by:
sedgwick earned 500 total points
ID: 39183716
function get-localadministrators {
    param ([string]$computername=$env:computername)
	$week = (Get-Date).AddDays(-7)
    $computername = $computername.toupper()
    $ADMINS = get-wmiobject -computername $computername -query "select * from win32_groupuser where GroupComponent=""Win32_Group.Domain='$computername',Name='administrators'""" | % {$_.partcomponent}

    foreach ($ADMIN in $ADMINS) {
                $admin = $admin.replace("\\$computername\root\cimv2:Win32_UserAccount.Domain=","") # trims the results for a user
                $admin = $admin.replace("\\$computername\root\cimv2:Win32_Group.Domain=","") # trims the results for a group
                $admin = $admin.replace('",Name="',"\")
                $admin = $admin.REPLACE("""","")#strips the last "
				$domainadmin = $admin.split("\")[0]
				$username = $admin.split("\")[1]
				$user = Get-ADUser $admin.split("\")[1] -Properties memberOf, whenCreated
				$whenCreated = $user.whenCreated
				
				if($week -ge $whenCreated) {
					$memberOf = $user.memberOf
					$groups = ($memberOf | Get-ADGroup | select -expand name) -join ","
	                $objOutput = New-Object PSObject -Property @{
	                    Machinename = $computername
	                    DomainName  = $domainadmin
	                    UserName = $username
						WhenCreated = $whenCreated
						MemberOf = $groups
	                }#end object
				}
    $objreport+=@($objoutput)
    }#end for

    return $objreport
}#end function

get-localadministrators | Export-Csv c:\temp\1.csv -NoTypeInformation

Open in new window


from http://andrewmorgan.ie/2011/06/10/retrieve-a-list-of-local-administrators-using-powershell/
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
The viewer will learn how to count occurrences of each item in an array.
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question