Powershell script to get all local admin members (Network Steve Forum)

Powershell script to get all local admin members

Created this from multiple sources - it works - just wanted to see comments on what I could have done better.

Input - all computers in domain. Connects to them and then pulls all members of local admin group and writes information to a csv. Its slow - but works.

Thanks for input.

Import-module ActiveDirectory
$computers = Get-ADComputer -Filter *
$LocalGroupName = "Administrators"

$OutputDir = "c:\temp"
$OutputFile = Join-Path $OutputDir "LocalGroupMembers.csv"
Write-Verbose "Script will write the output to $OutputFile folder"
Add-Content -Path $OutPutFile -Value "ComputerName, LocalGroupName, Status, MemberType, MemberDomain, MemberName"

foreach ($computer in $computers) 
    {
        $computerName = $computer.name
		If(!(Test-Connection -ComputerName $computerName -Count 1 -Quiet)) {
			Add-Content -Path $OutputFile -Value "$computerName,$LocalGroupName,Offline"
		Continue
		} 
		else {
			try {
				$group = [ADSI]"WinNT://$computerName/$LocalGroupName"
				$members = @($group.Invoke("Members"))
				if(!$members) {
					Add-Content -Path $OutputFile -Value "$Computer,$LocalGroupName,NoMembersFound"
					Continue
				}
			}
			catch {
				Add-Content -Path $OutputFile -Value "$computerName,,FailedToQuery"
				Continue
			}
			foreach($member in $members) {
				try {
					$MemberName = $member.GetType().Invokemember("Name","GetProperty",$null,$member,$null)
					$MemberType = $member.GetType().Invokemember("Class","GetProperty",$null,$member,$null)
					$MemberPath = $member.GetType().Invokemember("ADSPath","GetProperty",$null,$member,$null)
					$MemberDomain = $null
					If($MemberPath -match "^Winnt\:\/\/(?<domainName>\S+)\/(?<CompName>\S+)\/") {
						if($MemberType -eq "User") {
							$MemberType = "LocalUser"
						} elseif($MemberType -eq "Group"){
							$MemberType = "LocalGroup"
						}
						$MemberDomain = $matches["CompName"]
					} elseif($MemberPath -match "^WinNT\:\/\/(?<domainname>\S+)/") {
						if($MemberType -eq "User") {
							$MemberType = "DomainUser"
						} elseif($MemberType -eq "Group"){
							$MemberType = "DomainGroup"
						}
						$MemberDomain = $matches["domainname"]
					} else {
						$MemberType = "Unknown"
						$MemberDomain = "Unknown"
					}
					If ($MemberName -notlike "Domain Admins" -and $MemberName -notlike "Enterprise Admins" -and $MemberName -notlike "redtower1"-and $MemberName -notlike "Administrator" -and $MemberName -notlike "WorkstationAdmins" -and $MemberName -notlike "ServerAdmins")	{
					Add-Content -Path $OutPutFile -Value "$computerName, $LocalGroupName, SUCCESS, $MemberType, $MemberDomain, $MemberName"
					}
				} catch {
				Add-Content -Path $OutputFile -Value "$Computer,,FailedQueryMember"
				}
    		}
		}
		}

Edited by dolejh Tuesday, May 26, 2015 1:28 PM

May 26th, 2015 1:27pm

Can you explain this a little...

I am not sure what you mean by this runs in parallel??

I like the domain vs local part - this helps exclude some.

Edited by dolejh Wednesday, May 27, 2015 2:37 PM

Free Windows Admin Tool Kit Click here and download it now

May 27th, 2015 2:34pm

This topic is archived. No further replies will be accepted.