22 September, 2016

Get Local Administrators group members for all servers in the domain (PowerShell)

Hi,

Could not find a script that will enumerate all servers from AD (or specific OU) and give me a centralized CSV output of all the members of the servers local administrators group.

So I wrote one...

The script also enumerates group members and indicates whether the object is a user, computer or group (and then writes the group name).
The script also checks whether the server is reachable and whether you can connect via WMI; if not, it indicates that in the output.
Console output is available.

Enjoy.

========================================
import-module ActiveDirectory

cls
$array = @()
$test2 = ""

#get local admin function
function get-localadmin {
param ($strcomputer)

#-ErrorAction Stop turns a WMI failure into a terminating error so the caller's Try/Catch can record it
$admins = Get-WmiObject win32_groupuser -ComputerName $strcomputer -ErrorAction Stop
$admins = $admins |? {$_.groupcomponent -like '*"Administrators"'}

$admins |% {
#only emit a name when the pattern matches, so a stale $matches is never reused
if ($_.partcomponent -match '.+Domain\=(.+)\,Name\=(.+)$') {
$matches[1].trim('"') + '\' + $matches[2].trim('"')
}
}
}

#list all servers to process [replace this with your OU structure]
$Comp = Get-ADComputer -SearchBase 'OU=Servers,dc=domain,dc=local' -Filter '*' | Select -Exp Name

#run on each server
foreach ($ADServer in $Comp) {
    #Test if the server is responsive
    $test = Test-Connection -computername $ADServer -Count 1 -Quiet
    Write-Host "`nProcessing " $ADServer "..." -NoNewLine
    If ($test) {
            #clear the previous server's results so a WMI failure cannot reuse them
            $FnLocalAdmins = @()
            #run the WMI command and catch errors
            Try { $FnLocalAdmins = get-localadmin $ADServer }
            Catch {
                Write-Host " WMI error`n"
                $test2 = "Error"
                $Properties = @{Server=$ADServer;Admin="WMI Error";Type="Error"}
                $Newobject = New-Object PSObject -Property $Properties
                $array += $newobject
                }
            foreach ($Admins in $FnLocalAdmins) {
                #split the username from the domain or server
                $split = $Admins.Split('\')
                $domain = $split[0]
                $usr = $split[1]
                #Check if the object is local or domain based [Replace this with your domain name]
                If ($domain -eq "YOUR_DOMAIN") {
                    $u = Get-ADObject -Filter {samaccountname -eq $usr} -Properties objectClass
                    #check if the object is user, computer or group
                    Switch ($u.objectclass) {
                        User {
                            $Properties = @{Server=$ADServer;Admin=$usr;Type="Domain"}
                            $Newobject = New-Object PSObject -Property $Properties
                            $array += $newobject
                            ;break}
                        Computer {
                            $Properties = @{Server=$ADServer;Admin=$usr;Type="Computer"}
                            $Newobject = New-Object PSObject -Property $Properties
                            $array += $newobject
                            ;break}
                        Group {
                            $g = get-adgroupmember $usr -recursive
                            foreach ($groupuser in $G) {
                            $Properties = @{Server=$ADServer;Admin=$groupuser.samaccountname;Type=$usr}
                            $Newobject = New-Object PSObject -Property $Properties
                            $array += $newobject }
                            ;break}
                        Default {
                            $Properties = @{Server=$ADServer;Admin=$usr;Type="Bad Object"}
                            $Newobject = New-Object PSObject -Property $Properties
                            $array += $newobject
                            ;break}
                    }
                }
                Else {
                        $Properties = @{Server=$ADServer;Admin=$usr;Type="Local"}
                        $Newobject = New-Object PSObject -Property $Properties
                        $array += $newobject
                }
            }
                #write back to the console that all went ok
                If ($test2 -eq "Error") {$test2 = ""} Else {
                Write-Host " OK"
                $test2 = "" }
    }
    Else {
        Write-Host " Unreachable`n" -NoNewLine
        $Properties = @{Server=$ADServer;Admin="Unreachable";Type="Error"}
        $Newobject = New-Object PSObject -Property $Properties
        $array += $newobject
    }
}  
          
#export the results to a csv file
$array | export-csv -Path "D:\Scripts\Server\Output\LocalAdmins.csv" -Delimiter ";" -NoTypeInformation -Encoding UTF8
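
One way to review the CSV this script produces is to compare it against a baseline of who is expected to hold local admin rights. The following is an added example, not part of the original post; the sample rows are constructed, and the `Get-LocalAdminFinding` function and the three `$approved*` lists are hypothetical names to adapt to your environment.

```powershell
# Constructed sample rows in the format the script exports (columns Server, Admin, Type; ';' delimiter).
# To audit a real run, replace this with: Import-Csv -Path <your LocalAdmins.csv> -Delimiter ';'
$rows = @'
"Server";"Admin";"Type"
"SRV01";"Administrator";"Local"
"SRV01";"alice";"Domain Admins"
"SRV01";"svc_backup";"Domain"
"SRV02";"Administrator";"Local"
"SRV02";"tempadmin";"Local"
"SRV02";"bob";"Helpdesk"
"SRV03";"Unreachable";"Error"
"SRV04";"WMI Error";"Error"
'@ | ConvertFrom-Csv -Delimiter ';'

# Hypothetical baseline: what is allowed to hold local admin rights on every server.
$approvedLocal  = @('Administrator')   # rows with Type = Local
$approvedGroups = @('Domain Admins')   # rows where Type holds the expanded group's name
$approvedDirect = @()                  # rows with Type = Domain / Computer (added directly)

function Get-LocalAdminFinding {
    param([Parameter(Mandatory)] $Rows)
    foreach ($r in $Rows) {
        # Map each row to a finding text, or to nothing when the row matches the baseline
        $reason = switch ($r.Type) {
            'Error'      { "Not audited ($($r.Admin))"; break }
            'Local'      { if ($approvedLocal -notcontains $r.Admin) { 'Unapproved local account' }; break }
            'Bad Object' { 'Domain principal not resolved in AD'; break }
            { $_ -in 'Domain','Computer' } {
                if ($approvedDirect -notcontains $r.Admin) { 'Domain object added directly, not via a group' }
                break
            }
            default      { if ($approvedGroups -notcontains $r.Type) { "Admin via unapproved group '$($r.Type)'" } }
        }
        if ($reason) {
            [pscustomobject]@{ Server = $r.Server; Admin = $r.Admin; Type = $r.Type; Finding = $reason }
        }
    }
}

$findings = Get-LocalAdminFinding -Rows $rows
$findings | Sort-Object Server, Admin | Format-Table -AutoSize
```

Servers that show up only as `Error` rows were never inspected, so the example reports them as findings rather than treating them as clean.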

28 April, 2016

Simple logoff script with cancel prompt and timeout

Hi,

I looked for a way to log off my kids' session on my home PC, and it seems that you only have it in Active Directory settings...

So I wrote a VB script and scheduled it to run under my kids' username every day at 23:00...

This will prompt the user whether to cancel the logoff and, if not answered within 30 seconds (you can change it), will log off.

Scheduled it for 23:00, 00:00, 01:00 ......

====================================================

Option Explicit
Dim objShell, intLogoff, strLogoff

Set objShell = CreateObject("WScript.Shell")
'Show an OK-only popup for 30 seconds; Popup returns 1 if OK is clicked, -1 on timeout
intLogoff = objShell.Popup("Cancel logoff ?", 30, "Logoff", 0)
If intLogoff = 1 Then
    'Abort logoff
    'WScript.Echo "Logoff canceled"
Else
    'Logging off
    'WScript.Echo "Logging off"
    strLogoff = "logoff"
    objShell.Run strLogoff, 0, False
End If

WScript.Quit

===================================================

Enjoy...