Powershell script to search remote computers for certain service account in local groups

I am trying to create a script to search several computers and list what groups a specific user is a member of an export to a csv file.

Example:

ComputerA has a user called USERA that is a member of the local Administrators group and Remote Desktop Users group

ComputerB has a user called USERA that is a member of the local Administrators group and Backup Operators group

The cvs file would list the computer name, USERA, and groups that it is a member of

ComputerA,USERA,Administrators
ComputerA,USERA,Remote Desktop Users
ComputerB,USERA,Administrators
ComputerB,USERA,Backup Operators

Any help is greatly appreciated.
DBThomson76Asked:
Who is Participating?
 
Daniel_PLConnect With a Mentor DB Expert/ArchitectCommented:
Simple example, not oneliner however easier to work on (at least for me :p). Computerlist and user are statically created for my test machine.

$comp = $Env:computername
$user = "TestUser";
[array]$computers+=$comp;
[array]$findings=$null;
foreach ($computername in $computers)
{
	[ADSI]$S = "WinNT://$computername"
	$groups=$S.children.where({$_.class -eq 'group'});
	[array]$groupsIn=$null;
	foreach ($group in $groups)
	{
		$exists=$group.Invoke('members')  | ForEach {$_.GetType().InvokeMember("Name",  'GetProperty',  $null,  $_, $null)} | ? {$_ -like "$user"};
		if($exists)
		{
			$object = New-Object –TypeName PSObject
			$object | Add-Member –MemberType NoteProperty –Name Group –Value $($group.Name)
			$object | Add-Member –MemberType NoteProperty –Name ComputerName –Value $computername
			$findings+=$object;
		}
	}
}

Open in new window

0
 
Daniel_PLDB Expert/ArchitectCommented:
Hi,
Use ADSI (Active Directory Service Interface), good example below. You should easily apply that into your code. In case of any problems get back :)

https://mcpmag.com/articles/2015/06/18/reporting-on-local-groups.aspx

Open in new window


Regards,
Daniel
0
 
DBThomson76Author Commented:
Thank you for that information but I am trying to narrow down looking for a specific user in any local groups on several computers.
0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
Daniel_PLDB Expert/ArchitectCommented:
Right, I missed that. Here's example of how to list that information:
$Computer = [ADSI]"WinNT://$Computer"
$Groups = $Computer.psbase.Children | Where {$_.psbase.schemaClassName -eq "group"}
ForEach ($Group In $Groups)
{
    "Group: " + $Group.Name
    $Members = @($Group.psbase.Invoke("Members"))
    ForEach ($Member In $Members)
    {
        $Class = $Member.GetType().InvokeMember("Class", 'GetProperty', $Null, $Member, $Null)
        $Name = $Member.GetType().InvokeMember("Name", 'GetProperty', $Null, $Member, $Null)
    }
}

Open in new window

0
 
DBThomson76Author Commented:
Your script errored.

Here is what I have so far but It gives me all the local groups from each computer with any user within a group.

I want to narrow that down to only list the local groups per computer that have a specific user in it.  That is what I am trying to accomplish.

$computers = get-content computers.txt
$computers | foreach {
$computername = $_
[ADSI]$S = "WinNT://$computername"
$S.children.where({$_.class -eq 'group'}) |
Select @{Name="Computername";Expression={$_.Parent.split("/")[-1] }},
@{Name="Name";Expression={$_.name.value}},
@{Name="Members";Expression={
[ADSI]$group = "$($_.Parent)/$($_.Name),group"
$members = $Group.psbase.Invoke("Members")
($members | ForEach-Object {
$_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)
}) -join ";"
}}
} | Export-CSV -path \LocalAudit.csv –notypeinformation
0
 
DBThomson76Author Commented:
Thank you!
0
 
PberSolutions ArchitectCommented:
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I have recommended this question be closed as follows:

Accept: Daniel_PL (https:#a42372618)

If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.

Pber
Experts-Exchange Cleanup Volunteer
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.