22 September, 2016

Get Local Administrators group members for all servers in the domain (PowerShell)

Hi,

Could not find a script that will enumerate all servers from AD (or specific OU) and give me a centralized CSV output of all the members of the servers local administrators group.

So I wrote one...

The script also enumerates group members and indicates whether the object is a user, computer or group (and then writes the group name).
The script also checks if the server is reachable and if you can connect via WMI; if not, it indicates it in the output.
Console output is available.

Enjoy.

========================================
import-module ActiveDirectory

cls
$array = @()
$test2 = ""

#get local admin function
function get-localadmin {
param ($strcomputer)

#-EA Stop makes WMI failures terminating so the caller's Try/Catch can record them
$admins = Get-WmiObject win32_groupuser -computer $strcomputer -EV Err -EA Stop
$admins = $admins |? {$_.groupcomponent -like '*"Administrators"'}

$admins |% {
#emit only entries that parse, so $matches from a previous entry is never reused
if ($_.partcomponent -match '.+Domain\=(.+)\,Name\=(.+)$') {
$matches[1].trim('"') + "\" + $matches[2].trim('"')
}
}
}

#list all servers to process [replace this with your OU structure]
$Comp = Get-ADComputer -SearchBase 'OU=Servers,dc=domain,dc=local' -Filter '*' | Select -Exp Name

#run on each server
foreach ($ADServer in $Comp) {
    #Test if the server is responsive
    $test = Test-Connection -computername $ADServer -Count 1 -Quiet
    Write-Host "`nProcessing " $ADServer "..." -NoNewLine
    If ($test) {
            #reset so a failed query cannot reuse the previous server's results
            $FnLocalAdmins = @()
            #run the WMI command and catch errors
            Try { $FnLocalAdmins = get-localadmin $ADServer }
            Catch {
                Write-Host " WMI error`n"
                $test2 = "Error"
                $Properties = @{Server=$ADServer;Admin="WMI Error";Type="Error"}
                $Newobject = New-Object PSObject -Property $Properties
                $array += $newobject
                }
            foreach ($Admins in $FnLocalAdmins) {
                #split the username from the domain or server
                $split = $Admins.Split('\')
                $domain = $split[0]
                $usr = $split[1]
                #Check if the object is local or domain based [Replace this with your domain name]
                If ($domain -eq "YOUR_DOMAIN") {
                    $u = Get-ADObject -Filter {samaccountname -eq $usr} -Properties objectClass
                    #check if the object is user, computer or group
                    Switch ($u.objectclass) {
                        User {
                            $Properties = @{Server=$ADServer;Admin=$usr;Type="Domain"}
                            $Newobject = New-Object PSObject -Property $Properties
                            $array += $newobject
                            ;break}
                        Computer {
                            $Properties = @{Server=$ADServer;Admin=$usr;Type="Computer"}
                            $Newobject = New-Object PSObject -Property $Properties
                            $array += $newobject
                            ;break}
                        Group {
                            $g = get-adgroupmember $usr -recursive
                            foreach ($groupuser in $G) {
                            $Properties = @{Server=$ADServer;Admin=$groupuser.samaccountname;Type=$usr}
                            $Newobject = New-Object PSObject -Property $Properties
                            $array += $newobject }
                            ;break}
                        Default {
                            $Properties = @{Server=$ADServer;Admin=$usr;Type="Bad Object"}
                            $Newobject = New-Object PSObject -Property $Properties
                            $array += $newobject
                            ;break}
                    }
                }
                Else {
                        $Properties = @{Server=$ADServer;Admin=$usr;Type="Local"}
                        $Newobject = New-Object PSObject -Property $Properties
                        $array += $newobject
                }
            }
                #write back to the console that all went ok
                If ($test2 -eq "Error") {$test2 = ""} Else {
                Write-Host " OK"
                $test2 = "" }
    }
    Else {
        Write-Host " Unreachable`n" -NoNewLine
        $Properties = @{Server=$ADServer;Admin="Unreachable";Type="Error"}
        $Newobject = New-Object PSObject -Property $Properties
        $array += $newobject
    }
}  
          
#export the results to a csv file
$array | export-csv -Path "D:\Scripts\Server\Output\LocalAdmins.csv" -Delimiter ";" -NoTypeInformation -Encoding UTF8
========================================
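
One way to review the CSV this script produces, shown as an added example that is not part of the original script: compare every row against an approved baseline and report only the deviations. The function name `Compare-LocalAdminBaseline`, the allowlist and the sample rows are hypothetical and constructed for illustration.

```powershell
# Added example; the rows and the allowlist below are constructed for illustration.
# Against the real file use: Import-Csv 'D:\Scripts\Server\Output\LocalAdmins.csv' -Delimiter ';'
$sample = @'
"Server";"Admin";"Type"
"SRV01";"Administrator";"Local"
"SRV01";"jsmith";"Domain Admins"
"SRV01";"svc_backup";"Domain"
"SRV02";"tempadmin";"Local"
"SRV02";"bob";"Helpdesk"
"SRV03";"Unreachable";"Error"
'@ | ConvertFrom-Csv -Delimiter ';'

# Hypothetical allowlist keyed by the script's Type column:
# "Local", "Domain", "Computer", or the name of the group that grants the access.
# '*' accepts every member of that source.
$approved = @{
    'Local'         = @('Administrator')
    'Domain'        = @('svc_backup')
    'Domain Admins' = @('*')
}

function Compare-LocalAdminBaseline {
    param ($Rows, [hashtable]$Approved)
    foreach ($row in $Rows) {
        $finding = $null
        if ($row.Type -eq 'Error') {
            # Unreachable / WMI error rows mean the server was not audited at all
            $finding = 'NotAudited'
        }
        elseif (-not $Approved.ContainsKey($row.Type)) {
            # Unknown group, "Computer" or "Bad Object": the source itself is unapproved
            $finding = 'UnapprovedSource'
        }
        elseif ($Approved[$row.Type] -notcontains '*' -and
                $Approved[$row.Type] -notcontains $row.Admin) {
            $finding = 'UnapprovedMember'
        }
        if ($finding) {
            New-Object PSObject -Property @{
                Server = $row.Server; Admin = $row.Admin; Type = $row.Type; Finding = $finding
            }
        }
    }
}

Compare-LocalAdminBaseline -Rows $sample -Approved $approved |
    Sort-Object Server, Admin | Format-Table Server, Admin, Type, Finding -AutoSize
```

Rows with Type "Error" are reported as not audited rather than skipped, so an unreachable server is never mistaken for a clean one.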

28 April, 2016

Simple logoff script with cancel prompt and timeout

Hi,

I looked for a way to log off my kids' session on my home PC, and it seems that you only have it in Active Directory settings...

So I wrote a VB script and scheduled it to run under my kids' username every day at 23:00...

This will prompt the user whether he wants to cancel the logoff and, if not answered in 30 seconds (you can change it), will log off.

Scheduled it for 23:00, 00:00, 01:00 ......

====================================================

Option Explicit
Dim objShell, intLogoff, strLogoff

set objShell = CreateObject("WScript.Shell")
'Popup returns 1 when OK is clicked and -1 when the 30 second timeout expires
intLogoff = (objShell.Popup("Cancel logoff ?",30,"Logoff",0))
If intLogoff = 1 Then
    'Abort Logoff
    'Wscript.echo "Login off Canceled"
Else
    'Logging off
    'Wscript.echo "Login off"
    strLogoff = "logoff"
    objShell.Run strLogoff, 0, false
End if

Wscript.Quit

===================================================

Enjoy...

13 July, 2015

Check if name equals its IP via batch

Hi,

Had a problem: I had a server name and its IP and needed to make sure that the IP did not change.

Here is a small script to do that, pass the name and IP as parameters and it will give you back errorlevel according to the check (0 for OK).

============================================================
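rem clear any stale value so a failed ping cannot match an old IP
set "ip="
FOR /f "tokens=1,3 delims=: " %%A IN ('ping -n 1 %1') DO IF %%A==Reply set ip=%%B

rem quoted so an empty ip (no reply) compares cleanly instead of breaking the IF
If "%~2"=="%ip%" goto ok

exit /B 1

:OK

exit /B 0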
============================================================


Enjoy

29 January, 2015

creating m3u playlist automatically

Hi,

I'm updating my USB stick very frequently and the new car I got does not allow folder browsing, only playlists - very annoying.

But this is not something that will stop me... after a lot of testing I created the following script; it will create an M3U file in each sub-directory (for now it only works with one level down).

So, there is PlayListCreator-Step1.cmd:
==========================================
del *.m3u /S /Q
dir /B /AD >DirList.txt

rem call returns control to this script after each run of Step2
for /f "tokens=*" %%A in (DirList.txt) do (call PlayListCreator-Step2.cmd "%%A")
==========================================

And PlayListCreator-Step2.cmd:
==========================================
set root=%__CD__%
cd %1
dir /b /o:n *.mp3 > "%~1.m3u"
cd /d %root%
==========================================

Just save the content between the === to files and run PlayListCreator-Step1.cmd.


Enjoy...

30 December, 2014

Find PDC emulator via nslookup query

Hi,

Just wanted to find a fast way to find who holds some DC roles in the domain. Sure, there is the way of going into the MMC console, but a fast way (and without the need to RDP to the DC or install remote management tools) is running an nslookup query.

So, just open CMD and fill in the blanks:

Find all DC's:
nslookup -type=SRV _ldap._tcp.[your.fqdn.domain]

Find the PDC Emulator run:
nslookup -type=SRV _ldap._tcp.pdc._msdcs.[your.fqdn.domain]


Due credit for this site...

28 October, 2014

Simple script to check for firewall cluster failover

Hi,

I thought that you may like a very simple (but powerful) script to check if your firewall failed over to the standby node.

The script is made from 3 files:

  • active_fw_ip.txt
  • standby_fw_ip.txt
  • Checked_FailOver_FW.cmd
The first 2 files contain exactly what their names say: each one has the IP of the active / standby firewall. To know what IP to save in the file, just run a tracert command and see which IP the firewall is using (if that does not work, ask your network guy).

Next, save the following content to Checked_FailOver_FW.cmd file:

************************************************************

rem *** get last check details ***
set /p active_fw_ip=<active_fw_ip.txt
set /p standby_fw_ip=<standby_fw_ip.txt
set checked_ip=172.19.1.201

rem *** execute check ***
tracert -d -h 2 %checked_ip% | findstr "%active_fw_ip%"
if %errorlevel% == 0 goto All_OK
goto ip_changed

:All_OK
echo Nothing Changed...
goto end

:ip_changed

rem *** check if failover happened or something else ***

tracert -d -h 2 %checked_ip% | findstr "%standby_fw_ip%"
if %errorlevel% == 0 goto FailedOver
goto Error_in_check

:FailedOver
rem *** update files ***
rem redirection comes first so no trailing space is written into the files
>active_fw_ip.txt echo %standby_fw_ip%
>standby_fw_ip.txt echo %active_fw_ip%

echo FW Failed Over !!!

rem *** Here you put
rem *** any alerts
rem *** you may want
rem *** for a fail-over

goto end

:Error_in_check

rem *** Probably check did not go OK ***
echo Check did not execute OK, check...

rem *** Here you put
rem *** any alerts
rem *** you may want
rem *** for a failed check


:end
************************************************************

Just fill in the action you want taken when the firewall has failed over or when the check did not go well.

Enjoy.


[from several checks that I did it seems that the script will work only if the firewall that you check is your default gateway... sorry...]

16 September, 2014

Add checkbox to a word document (v2013)

It seems that adding a checkbox to a Word document is not that easy; the option is not there by default.
So here it is (not that hard after all):

Open the Options menu
Go to "Customize Ribbon" and check "Developer" on the right side

Next, just place the cursor in the document where you need the checkbox to be and move to the "Developer" tab; there you can find all kinds of controls, one of them is the checkbox.


Enjoy...