Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

VBScript:  Elevated Account Audit

Posted on 2013-05-20
1
Medium Priority
?
338 Views
Last Modified: 2013-06-11
Hello Experts!

     Just curious if anyone has in their script repository a script that will go out and audit AD of all newly created administrator accounts.  I'd need the script to pull how many ADM accounts were created the week prior and as well as which permissions were assigned and what groups they belong to and then produce an output file such as .CSV reporting the findings.  Any help is GREATLY APPRECIATED!

ADM_JDoe
0
Comment
Question by:itsmevic
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 42

Accepted Solution

by:
Meir Rivkin earned 2000 total points
ID: 39183716
function get-localadministrators {
    param ([string]$computername=$env:computername)
	$week = (Get-Date).AddDays(-7)
    $computername = $computername.toupper()
    $ADMINS = get-wmiobject -computername $computername -query "select * from win32_groupuser where GroupComponent=""Win32_Group.Domain='$computername',Name='administrators'""" | % {$_.partcomponent}

    foreach ($ADMIN in $ADMINS) {
                $admin = $admin.replace("\\$computername\root\cimv2:Win32_UserAccount.Domain=","") # trims the results for a user
                $admin = $admin.replace("\\$computername\root\cimv2:Win32_Group.Domain=","") # trims the results for a group
                $admin = $admin.replace('",Name="',"\")
                $admin = $admin.REPLACE("""","")#strips the last "
				$domainadmin = $admin.split("\")[0]
				$username = $admin.split("\")[1]
				$user = Get-ADUser $admin.split("\")[1] -Properties memberOf, whenCreated
				$whenCreated = $user.whenCreated
				
				if($week -ge $whenCreated) {
					$memberOf = $user.memberOf
					$groups = ($memberOf | Get-ADGroup | select -expand name) -join ","
	                $objOutput = New-Object PSObject -Property @{
	                    Machinename = $computername
	                    DomainName  = $domainadmin
	                    UserName = $username
						WhenCreated = $whenCreated
						MemberOf = $groups
	                }#end object
				}
    $objreport+=@($objoutput)
    }#end for

    return $objreport
}#end function

get-localadministrators | Export-Csv c:\temp\1.csv -NoTypeInformation

Open in new window


from http://andrewmorgan.ie/2011/06/10/retrieve-a-list-of-local-administrators-using-powershell/
0

Featured Post

Tech or Treat!

Submit an article about your scariest tech experience—and the solution—and you’ll be automatically entered to win one of 4 fantastic tech gadgets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Let's recap what we learned from yesterday's Skyport Systems webinar.
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.
Suggested Courses

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question