Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Need Help with existing powershell script

Posted on 2014-11-11
10
Medium Priority
?
327 Views
Last Modified: 2014-11-12
Greeting Experts,
I need some help with existing PowerShell script designed to poll Active Directory and get a list of Users and Groups located in the LocalAdminGroup for each server. The Script its self-works with no problem but I need to change the formatting on the output file…..  Instead of putting all of the users/OU Groups to one row I would like to put each users & OU Group to each rule (i.e. one user or ou  to row). I have put an example of the exiting format and new format I am looking for…. Is there somebody out there that can help me with this…    

exmaple 1      Existing formate
PCName1      User1, User2, OU1, OU2
PCName2      User1, User2, OU1, OU3
PCName3      User1, User2, OU1, OU4
PCName4      User1, User2, OU1, OU5
PCName5      User1, User2, OU1, OU6


example 2       New formate
PCName1      User1
PCName1      User2
PCName1      OU1
PCName1      OU2
PCName2      User1
PCName2      User2
PCName2      OU1
PCName2      OU3
PCName3      User1
PCName3      User2
PCName3      OU1
PCName3      OU4






function 

get-localusers { 
        param( 
    [Parameter(Mandatory=$true,valuefrompipeline=$true)] 
    [string]$strComputer) 
    begin {} 
    Process { 
        $adminlist ="" 
        $computer = [ADSI]("WinNT://" + $strComputer + ",computer") 
        $AdminGroup = $computer.psbase.children.find("Administrators") 
        $Adminmembers= $AdminGroup.psbase.invoke("Members") | %{$_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)}         
        foreach ($admin in $Adminmembers) { $adminlist = $adminlist + $admin + "," }          
        $Computer = New-Object psobject 
        $computer | Add-Member noteproperty ComputerName $strComputer 
        $computer | Add-Member noteproperty Administrators $adminlist   
        Write-Output $computer        
         } 
end {} 
} 
 
Get-QADComputer -OSName "*Windows*Server*" | ForEach-Object {$_.Name}| get-localusers | Export-Csv "C:\LocalAdminGroups_$((get-date).toString('MM-dd-yyyy'))v2.csv"

Open in new window

0
Comment
Question by:Mike
  • 5
  • 3
10 Comments
 
LVL 19

Accepted Solution

by:
Raheman M. Abdul earned 1000 total points
ID: 40435912
Try this:
function get-localusers { 
        param( 
    [Parameter(Mandatory=$true,valuefrompipeline=$true)] 
    [string]$strComputer) 
    begin {} 
    Process { 
        $computer = [ADSI]("WinNT://" + $strComputer + ",computer") 
        $AdminGroup = $computer.psbase.children.find("Administrators") 
        $Adminmembers= $AdminGroup.psbase.invoke("Members") | %{$_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)}         
        foreach ($admin in $Adminmembers)           
        {
        $Computer = New-Object psobject 
        $computer | Add-Member noteproperty ComputerName $strComputer 
        $computer | Add-Member noteproperty Administrators $admin   
        Write-Output $computer        
        }
         } 
end {} 
} 
 
Get-QADComputer -OSName "*Windows*Server*" | ForEach-Object {$_.Name}| get-localusers | Export-Csv "C:\LocalAdminGroups_$((get-date).toString('MM-dd-yyyy'))v2.csv"
                                  

Open in new window

0
 

Author Comment

by:Mike
ID: 40436439
The script works perfect thanks,  One other quick question.... I have this script to scan for Servers but would like for it look at workstations as well... Is it possible to do this with the existing script....
0
 
LVL 71

Assisted Solution

by:Qlemo
Qlemo earned 1000 total points
ID: 40436983
The last line determines what to process. Just remove the parameter of Get-QADComputer to get up to 1000 machines. Line 21 then looks like:
Get-QADComputer | ForEach-Object {$_.Name}| get-localusers | Export-Csv "C:\LocalAdminGroups_$((get-date).toString('MM-dd-yyyy'))v2.csv"

Open in new window

0
WatchGuard Case Study: Museum of Flight

“With limited money and limited staffing, we didn’t have a lot of choices in terms of what we could do to bring efficiency. WatchGuard played a central part in changing that.” To provide strong, secure Wi-Fi access within the museum, Hunter chose to deploy WatchGuard’s AP120 APs.

 

Author Comment

by:Mike
ID: 40437644
the suggestion works... but I am looking to scan the entire AD enterprise domain...... Is there a way to update the script for all Devices.... not just the top 1000
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 40438050
You know that is a really, really hefty thing to do? Querying a huge amount of machines for local admin account members? You can do that by adding -SizeLimit 0 to Get-QADComputer, but it will take ages to complete. It's really not recommended to do it that way, which needs to connect to each PC found, one by one. And what about those machines not reachable while you run the script?

The usual way to cope with such a task is to run a startup script per GPO. The script will report the local admin members into one shared (troublesome) or per-machine files.
0
 

Author Comment

by:Mike
ID: 40438248
Ok... I can understand your point.... I will use your idea....
0
 

Author Comment

by:Mike
ID: 40438255
The Idea worked perfect that you both for your help this problem......  :)
0
 
LVL 71

Expert Comment

by:Qlemo
ID: 40438322
Don't you think that point split is unbalanced somewhat? Raheman Mohammed Abdul's modification was a small one, and the add-on questions were all answered by me with something needing more knowledge and experience ...
0
 

Author Comment

by:Mike
ID: 40438416
Qlemo - you are right and I do apologize... I have requested the Moderators split up the points 50/50 to make it more balanced..... :)
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
The Windows functions GetTickCount and timeGetTime retrieve the number of milliseconds since the system was started. However, the value is stored in a DWORD, which means that it wraps around to zero every 49.7 days. This article shows how to solve t…
Learn the basics of if, else, and elif statements in Python 2.7. Use "if" statements to test a specified condition.: The structure of an if statement is as follows: (CODE) Use "else" statements to allow the execution of an alternative, if the …
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …
Suggested Courses

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question