Powershell - How to find who is a local administrator on the servers in Active Directory

active-directory windows-server-2008-r2 powershell

5,475

To create an output list of {Server, User} you need to combine the expansion of the membership lists with each row from the AD query. This can be done by Foreach-Object and creation of a custom object:

$searchOU='ou=name,dc=dc,dc=com'
Get-ADComputer -filter * -SearchBase $searchOU | 
  Foreach-Object {
    $server = $_.Name
    ([ADSI]"WinNT://$($_.Name)/Administrators").psbase.invoke('Members') | 
      ForEach-Object {
            $user = $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)

            New-Object 'PSObject' -property @{'Server'=$server; 'Admin'=$user}
       }
 }

The results of the above can easily be formatted:

… | Format-Table -AutoSize Server, Name

And then append | Out-File $filename -encoding UTF8 to save to a file (or use a redirection operator; but I prefer Out-File as I can avoid UTF8).

However:

If the core script is designed for reuse (eg. output to different formats) I would suggest avoiding hard-coding the formatting in the script (making further processing/filtering much harder: would need to parse the output).
If the output file is intended for saving and then further processing then Export-CSV is a batter approach.
The New-Object's property list can be arbitrarily extended beyond just the two properties above.

5,475

Sabeltiger

Updated on September 18, 2022

Comments

Sabeltiger over 1 year
I would like some help to merge these two scripts, the first one I've made myself the other one is borrowed. How do I get these scripts merged, so I can get list of all the servers and of all members in the local administrators group on the servers in an out-file?

My Script:
```
$SearchOU='OU=Servers,DC=LB,DC=NET'
Get-ADComputer -Filter * -SearchBase $SearchOU | Format-Table -Property name
```
The borrowed Script:
```
$searchOU='ou=name,dc=dc,dc=com'
Get-ADComputer -filter * -SearchBase $searchOU | 
     Foreach-Object{
           ([ADSI]"WinNT://$($_.Name)/Administrators").psbase.invoke('Members') | 
           ForEach-Object{
                $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
           }
     }
```
- Richard over 11 years
  
  Merge in what way? Do you mean appending the Format-Table to the latter or something else? (PS. What have you tried?)
- Sabeltiger over 11 years
  
  What I mean is, that the first script: gives me a list of all my servers in the OU 'Servers'; and the second script gives me a list of all the accounts in the local-administrator group for all the servers in the 'servers' OU. So what I mean by merging, is this: To get a script that makes an txt output file where all the serveres are, with all the members in the local administator group for each server. and since the two scripts gives a list of each, then I found it natural to call it a "merge". I hope you understand now. :)
- Sabeltiger over 11 years
  
  And yes i would also like to append Format-Table to the latter.
Sabeltiger over 11 years

I have just tested you're script and it works perfect, I had never guessed the $Server and New-Object lines for the script. Many thanks Richard. Now I only need to practice the insert of the Format-table to the script. but you helped me with the hard part, thanks so much.
Sabeltiger over 11 years

Okay i'll admit it, PowerShell is not my strong side at all. I have now tried various ways of setting the Out-File. (ex. at the end of 'New-Object' line, I inserted | Out-file path) I even tried the whole string | Format-Table and so forth. But I get this error: Out-File : Cannot bind argument to parameter 'FilePath' because it is null.
Sabeltiger over 11 years

So after this line: New-Object.....'Admin'=$user} i insert: | Format-Table -AutoSize Server, Name | Out-File C:\Scripts\servers.txt ???
Sabeltiger over 11 years

I have posted a new question at this link with powershell error-log: serverfault.com/questions/471326/…