By default, this script will find all servers in Active Directory and audit the local Administrators and Remote Desktop Users groups for their membership. It will display to the screen and create a CSV file of the results.
You can alter which local groups to audit (top of the script) and the output location of the CSV file to save to (bottom of the script).
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 |
# Define local groups to audit $groups = "Administrators", "Remote Desktop Users"; # Add Active Directory powershell plug-in import-module activedirectory; # Get all servers from AD and ignore predefined list $adservers = get-adcomputer -filter {operatingsystem -like "*server*"} | where {$_.enabled -eq $true} | sort name; # Loop through each server found in AD foreach ($adserver in $adservers) { # Set server name from AD object $servername = $adserver.name; # Check if server is pingable if((test-connection -computername $servername -count 1 -quiet)) { # Loop through each group to audit foreach ($group in $groups) { # Define the localgroup in the correct format $localgroup = [ADSI]"WinNT://$servername/$group"; # Get members of the local group $members = @($localgroup.Invoke("Members")); # Loop through each member found foreach ($member in $members) { # Define name and type of the member $memberName = $member.GetType().Invokemember("Name","GetProperty",$null,$member,$null); $memberType = $member.GetType().Invokemember("Class","GetProperty",$null,$member,$null); # Build CSV string $outstring = $servername + "," + $group + "," +$membername + "," +$membertype; # Output string to screen write-host $outstring; # Append CSV string to file $outstring >> c:\temp\localgroupaudit.csv; } } } } |
The resulting CSV file is in the format of <server name>, <local group name>, <group member name>, <member type (user or group)>:
Can you update script so that output format will be grouped by server with heading – Server name, Local Group Name, Members, Type?
good script
its very useful
Great script
Thank you