SS Technology Forum
Not logged in [Login ]
Go To Bottom

Printable Version  
Author: Subject: help using powershell to Get server admin group members from AD
hector
Junior Member
**




Posts: 7
Registered: 8/22/2011
Member Is Offline


[*] posted on 10/3/2011 at 09:15 AM
help using powershell to Get server admin group members from AD


Hi i have seen your script "List Local Administrator Group Members on a Server – PowerShell Script" :)

http://gallery.technet.microsoft.com/scriptcenter/f99a701a-a8f5-489...

But how could you get PowerShell to check all servers administrator group members within a domain by searching all OU's with a certain name?

So in my domain we keep all our servers in OU's called "servers" and these reside under office location names for example Manchester, London, Leeds etc

So what I'd like is to use PowerShell to check all servers in each OU called "servers" for the names of the administrator group members.

I would then like the output to a CSV report that would contain office location, server name and then the admin members of each server.

could you help?

View user's profile
Santhosh Sivarajan
Super Administrator
*********




Posts: 299
Registered: 6/29/2009
Location: USA
Member Is Offline


[*] posted on 10/3/2011 at 10:51 AM


You can use the same logic - http://portal.sivarajan.com/2011/04/list-local-administrator-group-members.html

You need to search the Active Directory first - http://portal.sivarajan.com/2011/04/search-active-directory-and-get.html

Here is the combined script :

Clear
$ServerInfoFile = New-Item -type file -force "C:\Scripts\Servers.csv"
$GFile = New-Item -type file -force "C:\Scripts\SGroupMemberDetails.csv"
"ServerName | Out-File $ServerInfoFile -encoding ASCII
$ObjFilter = "(objectClass=Computer)" #update the filter with Server specfic filter based on your requirement.
$objSearch = New-Object System.DirectoryServices.DirectorySearcher
$objSearch.PageSize = 15000
$objSearch.Filter = $ObjFilter
$objSearch.SearchRoot = "LDAP://dc=infralab, dc=local" #udpate the filter with your OU DN or domain name.
$AllObj = $objSearch.FindAll()
foreach ($Obj in $AllObj)
{
$objItemT = $Obj.Properties
$CName = $objItemT.name
"$CName" | Out-File $ComputerInfoFile -encoding ASCII -append
}
Import-CSV "C:\Scripts\Servers.csv" | ForEach-Object {
$SName = $_.ServerName
"Server Name - $SName" | Out-File $GFile -encoding ASCII -append
$group = [ADSI]("WinNT://$SName/Administrators,group")
$GMembers = $group.psbase.invoke("Members")
$GMembers | ForEach-Object {$_.GetType().InvokeMember("Name",'GetProperty', $null, $_, $null) | Out-File $GFile -encoding ASCII -append
}




Santhosh Sivarajan, Microsoft MVP-Directory Services

http://blogs.sivarajan.com/
http://portal2.sivarajan.com
http://twitter.com/santhosh_sivara
http://www.linkedin.com/in/sivarajan

This posting is provided AS IS with no warranties,and confers no rights.
View user's profile Visit user's homepage
Santhosh Sivarajan
Super Administrator
*********




Posts: 299
Registered: 6/29/2009
Location: USA
Member Is Offline


[*] posted on 10/3/2011 at 11:25 AM


I have added this to my blog also. Let me know if you run into any issues..

http://portal.sivarajan.com/2011/09/search-ad-and-list-local-administrator.html




Santhosh Sivarajan, Microsoft MVP-Directory Services

http://blogs.sivarajan.com/
http://portal2.sivarajan.com
http://twitter.com/santhosh_sivara
http://www.linkedin.com/in/sivarajan

This posting is provided AS IS with no warranties,and confers no rights.
View user's profile Visit user's homepage
hector
Junior Member
**




Posts: 7
Registered: 8/22/2011
Member Is Offline


[*] posted on 10/4/2011 at 03:30 AM


Many thanks for this Santhosh :) but i have an error showing. I copied your script like for like
but it gives me a "Parsing error: At line:5 char:16 unexpected token '(' in expression"

for some reason it doesn't like (objectClass) in $ObjFilter = "(objectClass=Computer)"

I not sure why this is.....any ideas?
View user's profile
hector
Junior Member
**




Posts: 7
Registered: 8/22/2011
Member Is Offline


[*] posted on 10/4/2011 at 05:50 AM


Does anyone else get this error?
View user's profile
Santhosh Sivarajan
Super Administrator
*********




Posts: 299
Registered: 6/29/2009
Location: USA
Member Is Offline


[*] posted on 10/4/2011 at 08:30 AM


That is a valid filter. Make sure you don’t have any extra space in between. Also, please post the entire script and error message here.



Santhosh Sivarajan, Microsoft MVP-Directory Services

http://blogs.sivarajan.com/
http://portal2.sivarajan.com
http://twitter.com/santhosh_sivara
http://www.linkedin.com/in/sivarajan

This posting is provided AS IS with no warranties,and confers no rights.
View user's profile Visit user's homepage
hector
Junior Member
**




Posts: 7
Registered: 8/22/2011
Member Is Offline


[*] posted on 10/4/2011 at 02:31 PM


Run in ISE

PS C:\Users\Administrator> Clear
$ServerInfoFile = New-Item -type file -force "C:\Audit\Servers.csv"
$GFile = New-Item -type file -force "C:\Audit\SGroupMemberDetails.csv"
"ServerName | Out-File $ServerInfoFile -encoding ASCII
$ObjFilter = "(objectClass=Computer)" #update the filter with Server specfic filter based on your requirement.
$objSearch = New-Object System.DirectoryServices.DirectorySearcher
$objSearch.PageSize = 15000
$objSearch.Filter = $ObjFilter
$objSearch.SearchRoot = "LDAP://OU=test, dc=my.com" #udpate the filter with your OU DN or domain name.
$AllObj = $objSearch.FindAll()
foreach ($Obj in $AllObj)
{
$objItemT = $Obj.Properties
$CName = $objItemT.name
"$CName" | Out-File $ComputerInfoFile -encoding ASCII -append
}
Import-CSV "C:\Audit\Servers.csv" | ForEach-Object {
$SName = $_.ServerName
"Server Name - $SName" | Out-File $GFile -encoding ASCII -append
$group = [ADSI]("WinNT://$SName/Administrators,group")
$GMembers = $group.psbase.invoke("Members")
$GMembers | ForEach-Object {$_.GetType().InvokeMember("Name",'GetProperty', $null, $_, $null) | Out-File $GFile -encoding ASCII -append
}


Unexpected token '(' in expression or statement.
At line:5 char:15

Unexpected token 'objectClass=Computer' in expression or statement.
At line:5 char:16

Unexpected token ')' in expression or statement.
At line:5 char:36

Same in error in PowerGui and PowerSE

[Edited on 10/4/2011 by hector]
View user's profile
Santhosh Sivarajan
Super Administrator
*********




Posts: 299
Registered: 6/29/2009
Location: USA
Member Is Offline


[*] posted on 10/16/2011 at 08:25 AM


I don’t see any errors in the script. Are you still getting the same error message?



Santhosh Sivarajan, Microsoft MVP-Directory Services

http://blogs.sivarajan.com/
http://portal2.sivarajan.com
http://twitter.com/santhosh_sivara
http://www.linkedin.com/in/sivarajan

This posting is provided AS IS with no warranties,and confers no rights.
View user's profile Visit user's homepage
IamMark
Junior Member
**




Posts: 7
Registered: 10/19/2011
Member Is Offline


[*] posted on 10/19/2011 at 01:45 PM


I can confirm that I run into the exact same error as what the original poster documented - it does not work.

I know relatively nothing about Powershell, but in trying to troubleshoot this script, I haven't been able to locate any other Powershell scripters using the same commands as what you are using, such as "$objfilter" or "$objsearch". Are these the correct commands to use?
View user's profile
Santhosh Sivarajan
Super Administrator
*********




Posts: 299
Registered: 6/29/2009
Location: USA
Member Is Offline


[*] posted on 10/19/2011 at 01:58 PM


$ObjFilter is a variable. I used to variable to defined the scope in this script. I ran this script again in the lab without any issues.

Remove the comment section “#” and try it.




Santhosh Sivarajan, Microsoft MVP-Directory Services

http://blogs.sivarajan.com/
http://portal2.sivarajan.com
http://twitter.com/santhosh_sivara
http://www.linkedin.com/in/sivarajan

This posting is provided AS IS with no warranties,and confers no rights.
View user's profile Visit user's homepage
IamMark
Junior Member
**




Posts: 7
Registered: 10/19/2011
Member Is Offline


[*] posted on 10/19/2011 at 03:01 PM


Tried that but got the same error message:

PS C:\> .\getadmins.ps1
Unexpected token '(' in expression or statement.
At C:\getadmins.ps1:5 char:16
+ $ObjFilter = "( <<<< objectClass=Computer)"
+ CategoryInfo : ParserError: ((:String) [], ParseException
+ FullyQualifiedErrorId : UnexpectedToken

I know you said you tried it, but did you actually try copying and running the script from this post (maybe something got changed between your writing the script and it getting put into this post)?

[Edited on 10/19/2011 by IamMark]

[Edited on 10/19/2011 by IamMark]
View user's profile
Santhosh Sivarajan
Super Administrator
*********




Posts: 299
Registered: 6/29/2009
Location: USA
Member Is Offline


[*] posted on 10/19/2011 at 03:16 PM


Sorry guys. It was my mistake, missed “” in line 4 (“ServerName”)

Here is the updated script :


Clear
$n = 0
$ServerInfoFile = New-Item -type file -force "C:\Scripts\Servers.csv"
$GFile = New-Item -type file -force "C:\Scripts\SGroupMemberDetails.csv"
"ServerName" | Out-File $ServerInfoFile -encoding ASCII
$ObjFilter = "(objectClass=Computer)"
$objSearch = New-Object System.DirectoryServices.DirectorySearcher
$objSearch.PageSize = 15000
$objSearch.Filter = $ObjFilter
$objSearch.SearchRoot = "LDAP://dc=santhosh, dc=lab"
$AllObj = $objSearch.FindAll()
Write-host -nonewline "Searchin AD...."
foreach ($Obj in $AllObj)
{
$objItemT = $Obj.Properties
$CName = $objItemT.name
"$CName" | Out-File $ServerInfoFile -encoding ASCII -append
$n++
}
Write-host "$n Computer Objects Found"
Import-CSV "C:\Scripts\Servers.csv" | ForEach-Object {
$SName = $_.ServerName
Write-host -nonewline "Collecting Admin info from $SName...."
"Server Name - $SName" | Out-File $GFile -encoding ASCII -append
$group = [ADSI]("WinNT://$SName/Administrators,group")
$GMembers = $group.psbase.invoke("Members")
$GMembers | ForEach-Object {$_.GetType().InvokeMember("Name",'GetProperty', $null, $_, $null) | Out-File $GFile -encoding ASCII -append}
Write-host "Done!"
$GMembers = ""
}


[Edited on 10/19/2011 by Santhosh Sivarajan]

[Edited on 10/19/2011 by Santhosh Sivarajan]




Santhosh Sivarajan, Microsoft MVP-Directory Services

http://blogs.sivarajan.com/
http://portal2.sivarajan.com
http://twitter.com/santhosh_sivara
http://www.linkedin.com/in/sivarajan

This posting is provided AS IS with no warranties,and confers no rights.
View user's profile Visit user's homepage
IamMark
Junior Member
**




Posts: 7
Registered: 10/19/2011
Member Is Offline


[*] posted on 10/19/2011 at 03:23 PM


Looks like we're making process, but now I'm running into the error below:

Exception calling "FindAll" with "0" argument(s): "Unspecified error
"
At C:\getadmins.ps1:11 char:29
+ $AllObj = $objSearch.FindAll <<<< ()
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : DotNetMethodException

Searchin AD....1 Computer Objects
Collecting Admin info from ....Exception calling "Invoke" with "2" argument(s): "Unknown error (0x80005000)"
At C:\getadmins.ps1:26 char:33
+ $GMembers = $group.psbase.invoke <<<< ("Members")
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : DotNetMethodException

You cannot call a method on a null-valued expression.
At C:\getadmins.ps1:27 char:39
+ $GMembers | ForEach-Object {$_.GetType <<<< ().InvokeMember("Name",'GetProperty', $null, $_, $null) | Out-File $GFile
-encoding ASCII -append}
+ CategoryInfo : InvalidOperation: (GetType:String) [], RuntimeException
+ FullyQualifiedErrorId : InvokeMethodOnNull

Done!


Ugh. Can't seem to disable Smilies....

[Edited on 10/19/2011 by IamMark]
View user's profile
Santhosh Sivarajan
Super Administrator
*********




Posts: 299
Registered: 6/29/2009
Location: USA
Member Is Offline


[*] posted on 10/19/2011 at 03:29 PM


It seems like script is not finding any objects. What is in “C:\Scripts\Servers.csv” file?



Santhosh Sivarajan, Microsoft MVP-Directory Services

http://blogs.sivarajan.com/
http://portal2.sivarajan.com
http://twitter.com/santhosh_sivara
http://www.linkedin.com/in/sivarajan

This posting is provided AS IS with no warranties,and confers no rights.
View user's profile Visit user's homepage
IamMark
Junior Member
**




Posts: 7
Registered: 10/19/2011
Member Is Offline


[*] posted on 10/19/2011 at 03:36 PM


Sorry. It looks like you edited your script/post shortly after I copied it. I recopied your script, and this time it worked!

Thank you very much for the script. It is helping to address an audit issue that was brought up here at our company.
View user's profile
IamMark
Junior Member
**




Posts: 7
Registered: 10/19/2011
Member Is Offline


[*] posted on 10/19/2011 at 03:40 PM


Actually I do have one question. We have servers located in completely different OUs (not sub-OUs/not in the same branch). Would there be any way to modify your script, so that it can collect data from different OUs? Or will I just have to run multiple versions of your script for the different OUs?

Thanks.
View user's profile
Santhosh Sivarajan
Super Administrator
*********




Posts: 299
Registered: 6/29/2009
Location: USA
Member Is Offline


[*] posted on 10/19/2011 at 05:30 PM


You can change the search location/scope by modifying the $objSearch.SearchRoot = "LDAP://dc=santhosh, dc=lab" value.

Here is an example to search objects only inside TestOU1
$objSearch.SearchRoot = "LDAP://OU=TestOU1, dc=santhosh, dc=lab" value.

Use the correct OU DN.




Santhosh Sivarajan, Microsoft MVP-Directory Services

http://blogs.sivarajan.com/
http://portal2.sivarajan.com
http://twitter.com/santhosh_sivara
http://www.linkedin.com/in/sivarajan

This posting is provided AS IS with no warranties,and confers no rights.
View user's profile Visit user's homepage
IamMark
Junior Member
**




Posts: 7
Registered: 10/19/2011
Member Is Offline


[*] posted on 10/20/2011 at 09:21 AM


Thanks - I know about that. What I was trying to do was configure multiple OUs at the same time as part of the script.

Is there some way to have the script email you the output file (SGroupMemberDetails.csv)?

Thanks again.
View user's profile
Santhosh Sivarajan
Super Administrator
*********




Posts: 299
Registered: 6/29/2009
Location: USA
Member Is Offline


[*] posted on 10/23/2011 at 10:27 AM


Yes. I will post the updated script tomorrow.



Santhosh Sivarajan, Microsoft MVP-Directory Services

http://blogs.sivarajan.com/
http://portal2.sivarajan.com
http://twitter.com/santhosh_sivara
http://www.linkedin.com/in/sivarajan

This posting is provided AS IS with no warranties,and confers no rights.
View user's profile Visit user's homepage
Santhosh Sivarajan
Super Administrator
*********




Posts: 299
Registered: 6/29/2009
Location: USA
Member Is Offline


[*] posted on 10/24/2011 at 10:21 AM


I created a function called “Send_Email”. You can call this function whenever you needed.

In PowerShell V2, you can use Send-MailMessage cmdlet.
http://technet.microsoft.com/en-us/library/dd347693.aspx

Here is the updated script :

########################################################################
Clear
$n = 0
$ServerInfoFile = New-Item -type file -force "C:\Scripts\Servers.csv"
$GFile = New-Item -type file -force "C:\Scripts\SGroupMemberDetails.csv"
"ServerName" | Out-File $ServerInfoFile -encoding ASCII
$ObjFilter = "(objectClass=Computer)"
$objSearch = New-Object System.DirectoryServices.DirectorySearcher
$objSearch.PageSize = 15000
$objSearch.Filter = $ObjFilter
$objSearch.SearchRoot = "LDAP://dc=santhosh, dc=lab"
$AllObj = $objSearch.FindAll()
Write-host -nonewline "Searchin AD...."
foreach ($Obj in $AllObj)
{
$objItemT = $Obj.Properties
$CName = $objItemT.name
"$CName" | Out-File $ServerInfoFile -encoding ASCII -append
$n++
}
Write-host "$n Computer Objects Found"
##########################################################################
Import-CSV "C:\Scripts\Servers.csv" | ForEach-Object {
$SName = $_.ServerName
Write-host -nonewline "Collecting Admin info from $SName...."
"Server Name - $SName" | Out-File $GFile -encoding ASCII -append
$group = [ADSI]("WinNT://$SName/Administrators,group")
$GMembers = $group.psbase.invoke("Members")
$GMembers | ForEach-Object {$_.GetType().InvokeMember("Name",'GetProperty', $null, $_, $null) | Out-File $GFile -encoding ASCII -append}
Write-host "Done!"
$GMembers = ""
}
##############################################################################
function Send_Email
{
$EFrom = "admin@santhosh.lab"
$ETo = "admin@santhosh.lab"
$ESubject = "Local Administrator Group Memebership Details"
$EBody = “Attached fle ($GFile) contians the local Admin group details”
$SMTPServer = "mail.santhosh.lab"
#Provide user name and password for SMTP server if required.
#$SMTPUsername = "SMTP User Name"
#$SMTPPassword = "SMTP Password"
$Emailmessage = New-Object system.net.mail.mailmessage
$Emailmessage.from = ($EFrom)
$Emailmessage.To.add($ETo)
$Emailmessage.Subject = $ESubject
$Emailmessage.Body = $EBody
$Attachment = New-Object System.Net.Mail.Attachment($GFile)
$Emailmessage.Attachments.Add($Attachment)
$SMTP = New-Object Net.Mail.SmtpClient($SMTPServer)
#$SMTPClient.Credentials = New-Object System.Net.NetworkCredential("$SMTPUsername", "$SMTPPassword")
$SMTP.Send($Emailmessage)
}
Send_Email
############################################################################




Santhosh Sivarajan, Microsoft MVP-Directory Services

http://blogs.sivarajan.com/
http://portal2.sivarajan.com
http://twitter.com/santhosh_sivara
http://www.linkedin.com/in/sivarajan

This posting is provided AS IS with no warranties,and confers no rights.
View user's profile Visit user's homepage
Santhosh Sivarajan
Super Administrator
*********




Posts: 299
Registered: 6/29/2009
Location: USA
Member Is Offline


[*] posted on 10/24/2011 at 12:21 PM


I have uploaded another version of the script in my blog:

http://portal.sivarajan.com/2011/10/search-ad-collect-local-admin-group.html

http://portal.sivarajan.com/2011/10/search-ad-collect-local-admin-g...


[Edited on 10/24/2011 by Santhosh Sivarajan]




Santhosh Sivarajan, Microsoft MVP-Directory Services

http://blogs.sivarajan.com/
http://portal2.sivarajan.com
http://twitter.com/santhosh_sivara
http://www.linkedin.com/in/sivarajan

This posting is provided AS IS with no warranties,and confers no rights.
View user's profile Visit user's homepage
IamMark
Junior Member
**




Posts: 7
Registered: 10/19/2011
Member Is Offline


[*] posted on 10/24/2011 at 03:24 PM


Great, thanks.
View user's profile
Santhosh Sivarajan
Super Administrator
*********




Posts: 299
Registered: 6/29/2009
Location: USA
Member Is Offline


[*] posted on 11/1/2011 at 11:58 AM


Thanks guys. I am going to close this thread. Please create a new thread if you have any other questions.



Santhosh Sivarajan, Microsoft MVP-Directory Services

http://blogs.sivarajan.com/
http://portal2.sivarajan.com
http://twitter.com/santhosh_sivara
http://www.linkedin.com/in/sivarajan

This posting is provided AS IS with no warranties,and confers no rights.
View user's profile Visit user's homepage
Santhosh Sivarajan
Super Administrator
Thread Closed
11/1/2011 at 11:58 AM

  Go To Top

Powered by XMB
Powered by SiteGround Web Hosting

XMB Forum Software © 2001-2009 The XMB Group
[Queries: 16] [PHP: 72.2% - SQL: 27.8%]