encoad

Need to get local username and description for all computers in domain

I'm trying to write a PowerShell script which will go through all computers in Active Directory and get a list of local accounts and their descriptions.

The problem that I'm having is that it was hitting the domain controllers and then getting all the domain user accounts as well.  So I tried to filter those out, but it's not working correctly.

Get-ADComputer -LDAPfilter "(&(objectCategory=Computer)(!userAccountControl:1.2.840.113556.1.4.803:=8192))" -Property * | select -expandproperty name -first 1 | foreach-object {
    $Comp = $_
    if (test-connection -computername $Comp -count 1 -quiet) {
        ([ADSI]"WinNT://$comp").Children | ?{$_.SchemaClassName -eq 'user'} | %{
            $groups = $_.Groups() | %{$_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)}
            $_ | Select @{n='Server';e={$comp}},
                @{n='UserName';e={$_.Name}},
                @{n='LastLogin';e={$_.LastLogin}},
                @{n='Groups';e={$groups -join ';'}},
                @{n='Description';e={$_.Description}}
        }
    }
} | Export-Csv -NoTypeInformation LocalUsers.csv

Ajay Menon

Your script works perfectly fine... What's the exact error/problem you are facing?

Get-ADComputer -LDAPfilter "(&(objectCategory=Computer)(!userAccountControl:1.2.840.113556.1.4.803:=8192))" -Property * | select -expandproperty name | foreach-object {
    $Comp = $_
    if (test-connection -computername $Comp -count 1 -quiet) {
        ([ADSI]"WinNT://$comp").Children | ?{$_.SchemaClassName -eq 'user'} | %{
            $groups = $_.Groups() | %{$_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)}
            $_ | Select @{n='Server';e={$comp}},
                @{n='UserName';e={$_.Name}},
                @{n='LastLogin';e={$_.LastLogin}},
                @{n='Groups';e={$groups -join ';'}},
                @{n='Description';e={$_.Description}}
        }
    }
} | Out-GridView -ErrorAction SilentlyContinue

encoad

ASKER

Well it seems to grab a hundred accounts from a remote read-only domain controller across the world, and nothing else.  Doesn't even get through the "A"s.
-SearchBase "DC=Contoso,DC=local" -Server "SERVERNAME.Contoso.local"


ref: https://docs.microsoft.com/en-us/powershell/module/addsadministration/get-adcomputer?view=win10-ps
encoad

ASKER

Hi Ajay,

Yes, but that will search all computers including domain controllers.  When it hits a DC it lists 2000 users for the domain, for each DC.  So I need to exclude the DCs.

Hmmm... I'm not sure, but worth a try (not tested)

# -Filter * returns every DC (the default is a single discovered DC);
# -ExpandProperty yields plain name strings so -notcontains can compare them.
$dcs = Get-ADDomainController -Filter * | Select-Object -ExpandProperty Name
Get-ADComputer -LDAPfilter "(&(objectCategory=Computer)(!userAccountControl:1.2.840.113556.1.4.803:=8192))" -Property * | select -expandproperty name | foreach-object {
    $Comp = $_
    if ($dcs -notcontains $Comp) {
        if (test-connection -computername $Comp -count 1 -quiet) {
            ([ADSI]"WinNT://$comp").Children | ?{$_.SchemaClassName -eq 'user'} | %{
                $groups = $_.Groups() | %{$_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)}
                $_ | Select @{n='Server';e={$comp}},
                    @{n='UserName';e={$_.Name}},
                    @{n='LastLogin';e={$_.LastLogin}},
                    @{n='Groups';e={$groups -join ';'}},
                    @{n='Description';e={$_.Description}}
            }
        }
    }
} | Out-GridView -ErrorAction SilentlyContinue
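
An added example, not code from any poster in this thread: the filter used above tests only bit 8192 (SERVER_TRUST_ACCOUNT), which is set on writable domain controllers, while read-only domain controllers carry PARTIAL_SECRETS_ACCOUNT (67108864) instead. This sketch excludes both in the LDAP query and records unreachable or failing hosts in the report; the output columns follow the scripts above, and the ActiveDirectory module is assumed to be installed.

```powershell
# Added example. userAccountControl bits, matched with the LDAP bitwise-AND
# rule 1.2.840.113556.1.4.803:
#   8192     = SERVER_TRUST_ACCOUNT    (writable domain controller)
#   67108864 = PARTIAL_SECRETS_ACCOUNT (read-only domain controller)
$filter = '(&(objectCategory=computer)' +
          '(!(userAccountControl:1.2.840.113556.1.4.803:=8192))' +
          '(!(userAccountControl:1.2.840.113556.1.4.803:=67108864)))'

# Default properties (Name, Enabled) are enough; -Property * is not needed.
$computers = Get-ADComputer -LDAPFilter $filter | Where-Object { $_.Enabled }

$report = foreach ($computer in $computers) {
    $target = $computer.Name

    if (-not (Test-Connection -ComputerName $target -Count 1 -Quiet)) {
        # Keep unreachable hosts in the report so coverage gaps stay visible.
        [pscustomobject]@{ Server = $target; UserName = $null; LastLogin = $null
                           Groups = $null; Description = 'UNREACHABLE' }
        continue
    }

    try {
        $users = ([ADSI]"WinNT://$target,computer").Children |
            Where-Object { $_.SchemaClassName -eq 'user' }
        foreach ($user in $users) {
            $groups = $user.Groups() | ForEach-Object {
                $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
            }
            [pscustomobject]@{
                Server      = $target
                UserName    = $user.Name.Value
                LastLogin   = $user.LastLogin.Value
                Groups      = $groups -join ';'
                Description = $user.Description.Value
            }
        }
    }
    catch {
        # Access denied, firewall, RPC failure: record the error, keep going.
        [pscustomobject]@{ Server = $target; UserName = $null; LastLogin = $null
                           Groups = $null; Description = "ERROR: $($_.Exception.Message)" }
    }
}

$report | Export-Csv -NoTypeInformation -Path LocalUsers.csv
```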
