asked on

Need Help with existing powershell script

Greeting Experts,
I need some help with existing PowerShell script designed to poll Active Directory and get a list of Users and Groups located in the LocalAdminGroup for each server. The Script its self-works with no problem but I need to change the formatting on the output file….. Instead of putting all of the users/OU Groups to one row I would like to put each users & OU Group to each rule (i.e. one user or ou to row). I have put an example of the exiting format and new format I am looking for…. Is there somebody out there that can help me with this…

exmaple 1      Existing formate
PCName1      User1, User2, OU1, OU2
PCName2      User1, User2, OU1, OU3
PCName3      User1, User2, OU1, OU4
PCName4      User1, User2, OU1, OU5
PCName5      User1, User2, OU1, OU6

example 2       New formate
PCName1      User1
PCName1      User2
PCName1      OU1
PCName1      OU2
PCName2      User1
PCName2      User2
PCName2      OU1
PCName2      OU3
PCName3      User1
PCName3      User2
PCName3      OU1
PCName3      OU4

function 

get-localusers { 
        param( 
    [Parameter(Mandatory=$true,valuefrompipeline=$true)] 
    [string]$strComputer) 
    begin {} 
    Process { 
        $adminlist ="" 
        $computer = [ADSI]("WinNT://" + $strComputer + ",computer") 
        $AdminGroup = $computer.psbase.children.find("Administrators") 
        $Adminmembers= $AdminGroup.psbase.invoke("Members") | %{$_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)}         
        foreach ($admin in $Adminmembers) { $adminlist = $adminlist + $admin + "," }          
        $Computer = New-Object psobject 
        $computer | Add-Member noteproperty ComputerName $strComputer 
        $computer | Add-Member noteproperty Administrators $adminlist   
        Write-Output $computer        
         } 
end {} 
} 
 
Get-QADComputer -OSName "*Windows*Server*" | ForEach-Object {$_.Name}| get-localusers | Export-Csv "C:\LocalAdminGroups_$((get-date).toString('MM-dd-yyyy'))v2.csv"

Open in new window

ASKER CERTIFIED SOLUTION

Raheman M. Abdul

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Mike

ASKER

The script works perfect thanks, One other quick question.... I have this script to scan for Servers but would like for it look at workstations as well... Is it possible to do this with the existing script....

SOLUTION

Qlemo

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

Mike

ASKER

the suggestion works... but I am looking to scan the entire AD enterprise domain...... Is there a way to update the script for all Devices.... not just the top 1000

Qlemo

You know that is a really, really hefty thing to do? Querying a huge amount of machines for local admin account members? You can do that by adding -SizeLimit 0 to Get-QADComputer, but it will take ages to complete. It's really not recommended to do it that way, which needs to connect to each PC found, one by one. And what about those machines not reachable while you run the script?

The usual way to cope with such a task is to run a startup script per GPO. The script will report the local admin members into one shared (troublesome) or per-machine files.

Mike

ASKER

Ok... I can understand your point.... I will use your idea....

Mike

ASKER

The Idea worked perfect that you both for your help this problem...... :)

Qlemo

Don't you think that point split is unbalanced somewhat? Raheman Mohammed Abdul's modification was a small one, and the add-on questions were all answered by me with something needing more knowledge and experience ...

Mike

ASKER

Qlemo - you are right and I do apologize... I have requested the Moderators split up the points 50/50 to make it more balanced..... :)