Solved

VBScript:  Elevated Account Audit

Posted on 2013-05-20
1
326 Views
Last Modified: 2013-06-11
Hello Experts!

     Just curious if anyone has in their script repository a script that will go out and audit AD of all newly created administrator accounts.  I'd need the script to pull how many ADM accounts were created the week prior and as well as which permissions were assigned and what groups they belong to and then produce an output file such as .CSV reporting the findings.  Any help is GREATLY APPRECIATED!

ADM_JDoe
0
Comment
Question by:itsmevic
1 Comment
 
LVL 42

Accepted Solution

by:
sedgwick earned 500 total points
Comment Utility
function get-localadministrators {
    param ([string]$computername=$env:computername)
	$week = (Get-Date).AddDays(-7)
    $computername = $computername.toupper()
    $ADMINS = get-wmiobject -computername $computername -query "select * from win32_groupuser where GroupComponent=""Win32_Group.Domain='$computername',Name='administrators'""" | % {$_.partcomponent}

    foreach ($ADMIN in $ADMINS) {
                $admin = $admin.replace("\\$computername\root\cimv2:Win32_UserAccount.Domain=","") # trims the results for a user
                $admin = $admin.replace("\\$computername\root\cimv2:Win32_Group.Domain=","") # trims the results for a group
                $admin = $admin.replace('",Name="',"\")
                $admin = $admin.REPLACE("""","")#strips the last "
				$domainadmin = $admin.split("\")[0]
				$username = $admin.split("\")[1]
				$user = Get-ADUser $admin.split("\")[1] -Properties memberOf, whenCreated
				$whenCreated = $user.whenCreated
				
				if($week -ge $whenCreated) {
					$memberOf = $user.memberOf
					$groups = ($memberOf | Get-ADGroup | select -expand name) -join ","
	                $objOutput = New-Object PSObject -Property @{
	                    Machinename = $computername
	                    DomainName  = $domainadmin
	                    UserName = $username
						WhenCreated = $whenCreated
						MemberOf = $groups
	                }#end object
				}
    $objreport+=@($objoutput)
    }#end for

    return $objreport
}#end function

get-localadministrators | Export-Csv c:\temp\1.csv -NoTypeInformation

Open in new window


from http://andrewmorgan.ie/2011/06/10/retrieve-a-list-of-local-administrators-using-powershell/
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Mapping Drives using Group policy preferences Are you still using old scripts to map your network drives if so this article will show you how to get away for old scripts and move toward Group Policy Preference for mapping them. First things f…
Introduction You may have a need to setup a group of users to allow local administrative access on workstations.  In a domain environment this can easily be achieved with Restricted Groups and Group Policies. This article will demonstrate how to…
The viewer will learn how to count occurrences of each item in an array.
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

7 Experts available now in Live!

Get 1:1 Help Now