다음을 통해 공유


Powershell Script to find if Domain Admins is a member of Computer Local Administrators

So here's another script that I quickly knocked up. Basically, I was asked whether there was a way of finding out whether the Domain Admins group was a member of the Local Administrators group on a list of computers. Powershell to the rescue; I'm really getting into this Powershell Malarkey.

It is rather rudimentary and could actually be made a bit more usable by getting it to search AD and even specific OU structures in AD. Examples of this follow later in my TechNet Blog.

Script attached to blog below (requires removal of txt extension to work).

 

<#
#####################################################################
SCRIPT IsADMemberOfLocalAdmins.ps1

SYNTAX
.\IsADMemberOfLocalAdmins.ps1 -InputFile <.\ComputerList.txt> -OutputFile <.\OutPutFile.txt>

-InputFile Text file containing list of Computers to query
                   
-OutputFile Text File containing results from script

SYNOPSIS
Queries the Local Administrators group on the computers listed in the
text file provided as a parameter, to determine if Domain Admins is
listed as a member.

NOTE
    Script requires no parameters or arguments, but does have some.
    I recommend you have the relevant permissions in the domain and
    on the computers being queried for optimal results.

    This script is provided "AS IS" with no warranties, confers no rights and
    is not supported by the authors or employer.

AUTHOR
    Carl Harrison

VERSION: 1.0 - First cut
#####################################################################
#>

# Change these two to suit your needs
Param (
  [Parameter()][string]$InputFile='.\computers.txt',
  [Parameter()][String]$OutputFile='.\IsDAMemberOfAdminsOutput.txt')

$ChildGroups = "Domain Admins"
$LocalGroup = "Administrators"

$MemberNames = @()
$OutPutResults = @()
$Computers = Get-Content $InputFile
foreach ( $Computer in $Computers ) {
 $Group= [ADSI]"WinNT://$Computer/$LocalGroup,group"
 $Members = @($Group.psbase.Invoke("Members"))
 $Members | ForEach-Object {
  $MemberNames += $_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)
 }
 $ChildGroups | ForEach-Object {
  $output = "" | Select-Object Computer, Group, InLocalAdmin
  $output.Computer = $Computer
  $output.Group = $_
  $output.InLocalAdmin = $MemberNames -contains $_
  Write-Output $output
        $OutputResults += $output
    }
    $MemberNames = @()
}
$OutputResults | Export-CSV -NoTypeInformation $OutputFile

 

IsDAMemberOflocalAdmins.ps1.txt