Powershell Script to export members of Local administrators group of all servers in Domain.

Question

Hello,

I am looking to export the members of the Local Administrators group from all servers within our domain into a CSV file.

Does anyone have a script for accomplishing this task?

Thank you.

Regards,

Raj

Answer 1

Try the following:

# Define an array to store the results
$adminGroupMembers = @()
# Get a list of servers in your domain
$servers = Get-ADComputer -Filter {OperatingSystem -like "*Windows*Server*"} | Select-Object -ExpandProperty Name
# Iterate through each server
foreach ($server in $servers) {
    # Try to establish a remote session to the server
    try {
        $session = New-PSSession -ComputerName $server -ErrorAction Stop
        
        # Retrieve the members of the Local Administrators group
        $members = Invoke-Command -Session $session -ScriptBlock {
            $group = [ADSI]"WinNT://./Administrators,group"
            $members = $group.Invoke("Members") | foreach { $_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null) }
            $members
        }
        
        # Add server and its administrators to the results array
        $adminGroupMembers += [PSCustomObject]@{
            Server = $server
            Administrators = $members -join ', '
        }
        
        # Close the remote session
        Remove-PSSession -Session $session
    } catch {
        Write-Host "Failed to connect to $server: $_"
    }
}
# Export the results to a CSV file
$adminGroupMembers | Export-Csv -Path "LocalAdmins.csv" -NoTypeInformation

---

If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

hth

Marcin

Answer 2

Hi @raj a

The script below should help you if you launched on admin machine with network flow opened for remote powershell

$serverlist = Get-ADComputer -Filter  "OperatingSystem -like 'Windows Server*' " -Properties * | select DNSHostname
$csvFilePath = "C:\temp\Export.csv"
Add-Content -Value "server,name" -Path $csvFilePath
foreach($server in $serverlist)
{
$members = Invoke-Command -ComputerName $server -ScriptBlock {   Get-LocalGroup -Name administrators}
foreach($member in $members)
{
$name = $member.Name
Add-Content -Value "$server,$name" -Path $csvFilePath
}
}

---

Please don't forget to accept helpful answer

Answer 3

Hi,

You can run the command Get-LocalGroupMember remotely to get members of the Local Administrators group like the scripts suggested above, but you have to make sure all the computers are turned on when you run it. Also note that you must create a GPO to enable WinRM on all the AD computers.

https://woshub.com/enable-winrm-management-gpo/

Or you can create a GPO to run a startup script to get the Local Administrators group members and export it to a CSV on a file share.

Get-LocalGroupMember -Name "administrators" | Export-Csv -Path "\\server\share\file.csv" -NoTypeInformation -Append

Best Regards,

Ian Xue

---

If the Answer is helpful, please click "Accept Answer" and upvote it.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.