Powershell script to search remote computers for certain service account in local groups

I am trying to create a script to search several computers and list what groups a specific user is a member of and export to a CSV file.

Example:

ComputerA has a user called USERA that is a member of the local Administrators group and Remote Desktop Users group

ComputerB has a user called USERA that is a member of the local Administrators group and Backup Operators group

The CSV file would list the computer name, USERA, and groups that it is a member of

ComputerA,USERA,Administrators
ComputerA,USERA,Remote Desktop Users
ComputerB,USERA,Administrators
ComputerB,USERA,Backup Operators

Any help is greatly appreciated.
DBThomson76Asked:

Daniel_PLDB Expert/ArchitectCommented:
Hi,
Use ADSI (Active Directory Service Interface), good example below. You should easily apply that into your code. In case of any problems get back :)

https://mcpmag.com/articles/2015/06/18/reporting-on-local-groups.aspx

Regards,
Daniel
0
DBThomson76Author Commented:
Thank you for that information but I am trying to narrow down looking for a specific user in any local groups on several computers.
0
Daniel_PLDB Expert/ArchitectCommented:
Right, I missed that. Here's an example of how to list that information:
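# Target computer; the local machine is used here
$ComputerName = $env:COMPUTERNAME
# Bind to the computer through the ADSI WinNT provider
$Computer = [ADSI]"WinNT://$ComputerName"
# Keep only the child objects that are local groups
$Groups = $Computer.psbase.Children | Where {$_.psbase.schemaClassName -eq "group"}
ForEach ($Group In $Groups)
{
    "Group: " + $Group.Name
    $Members = @($Group.psbase.Invoke("Members"))
    ForEach ($Member In $Members)
    {
        # Members are COM objects, so their properties are read through reflection
        $Class = $Member.GetType().InvokeMember("Class", 'GetProperty', $Null, $Member, $Null)
        $Name = $Member.GetType().InvokeMember("Name", 'GetProperty', $Null, $Member, $Null)
        "  Member: $Name ($Class)"
    }
}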

0
DBThomson76Author Commented:
Your script errored.

Here is what I have so far but it gives me all the local groups from each computer with any user within a group.

I want to narrow that down to only list the local groups per computer that have a specific user in it.  That is what I am trying to accomplish.

$computers = get-content computers.txt
$computers | foreach {
    $computername = $_
    # Bind to the remote computer through the ADSI WinNT provider
    [ADSI]$S = "WinNT://$computername"
    $S.children.where({$_.class -eq 'group'}) |
    Select @{Name="Computername";Expression={$_.Parent.split("/")[-1] }},
    @{Name="Name";Expression={$_.name.value}},
    @{Name="Members";Expression={
        [ADSI]$group = "$($_.Parent)/$($_.Name),group"
        $members = $Group.psbase.Invoke("Members")
        # Every member name is joined into one field, whoever the member is
        ($members | ForEach-Object {
            $_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)
        }) -join ";"
    }}
} | Export-CSV -path \LocalAudit.csv -notypeinformation
0
Daniel_PLDB Expert/ArchitectCommented:
Simple example, not a one-liner, however easier to work on (at least for me :p). The computer list and user are statically created for my test machine.

# Test values: the local machine and a sample account name
$comp = $Env:computername
$user = "TestUser";
[array]$computers+=$comp;
[array]$findings=$null;
foreach ($computername in $computers)
{
	# Bind to the computer through the ADSI WinNT provider and keep its local groups
	[ADSI]$S = "WinNT://$computername"
	$groups=$S.children.where({$_.class -eq 'group'});
	[array]$groupsIn=$null;
	foreach ($group in $groups)
	{
		# Read each member's name and keep it only if it matches $user
		$exists=$group.Invoke('members')  | ForEach {$_.GetType().InvokeMember("Name",  'GetProperty',  $null,  $_, $null)} | ? {$_ -like "$user"};
		if($exists)
		{
			# One finding per (computer, group) pair that contains the user
			$object = New-Object -TypeName PSObject
			$object | Add-Member -MemberType NoteProperty -Name Group -Value $($group.Name)
			$object | Add-Member -MemberType NoteProperty -Name ComputerName -Value $computername
			$findings+=$object;
		}
	}
}

0
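An added example, not part of any post in this thread: the same ADSI WinNT enumeration wrapped in a function that emits one row per computer, user and group in the CSV layout the question asks for, warns about hosts it could not reach, and records each match's ADsPath so a local account can be told apart from a domain account with the same name. The function name, the MemberPath column, the 'USERA' value and the output path are assumptions made for this illustration.

```powershell
# Added example (not from the thread). Get-LocalGroupMembership is a hypothetical name.
function Get-LocalGroupMembership {
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [Parameter(Mandatory)][string]$Account
    )
    foreach ($computer in $ComputerName) {
        try {
            # The WinNT provider binds lazily; the connection happens on enumeration
            $machine = [ADSI]"WinNT://$computer,computer"
            $groups  = @($machine.psbase.Children |
                         Where-Object { $_.psbase.SchemaClassName -eq 'group' })
            foreach ($group in $groups) {
                foreach ($member in @($group.psbase.Invoke('Members'))) {
                    $type = $member.GetType()
                    $name = $type.InvokeMember('Name', 'GetProperty', $null, $member, $null)
                    if ($name -ne $Account) { continue }   # -ne compares case-insensitively
                    # ADsPath separates a local account from a same-named domain account
                    $path = $type.InvokeMember('ADsPath', 'GetProperty', $null, $member, $null)
                    [pscustomobject]@{
                        ComputerName = $computer
                        User         = $name
                        Group        = $group.psbase.Name
                        MemberPath   = $path
                    }
                }
            }
        }
        catch {
            # An unreachable host must not read as "no membership" in the report
            Write-Warning "$computer not audited: $($_.Exception.Message)"
        }
    }
}

# Constructed sample target; the thread reads its list with Get-Content computers.txt
$targets = @($env:COMPUTERNAME)
Get-LocalGroupMembership -ComputerName $targets -Account 'USERA' |
    Export-Csv -Path .\LocalAudit.csv -NoTypeInformation
```

A host that raises a warning is missing from the CSV, so the warnings need to be reviewed alongside the report before treating a computer as clean.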

DBThomson76Author Commented:
Thank you!
0
PberSolutions ArchitectCommented:
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I have recommended this question be closed as follows:

Accept: Daniel_PL (https:#a42372618)

If you feel this question should be closed differently, post an objection and the moderators will review all objections and close it as they feel fit. If no one objects, this question will be closed automatically the way described above.

Pber
Experts-Exchange Cleanup Volunteer
0