by mderreberry at 2013-02-05 10:52:47
I’m in need of a script or solution to do the following. (Neither of the 2 servers mentioned are Domain Controllers) On a windows 2003 server - Find all local groups and list them, then list all users in those groups. Then on a windows 2008r2 server re-create the groups from the list and populate those groups with the users keeping their permissions, etc…by DonJ at 2013-02-05 10:58:52
Again thank you for your help!
Use WMI - there are classes and associator classes. Or, use ADSI and the WinNT provider (which exists on all Windows machines). The latter is probably easier, and you can likely dig up some translate-able VBScript examples. Or, use the NET command and parse its output.by mderreberry at 2013-02-06 08:16:39
Does anyone have access to any "canned" examples of using WMI or ADSI to perform this task so I can follow along with it to create a solution for my environment?by ArtB0514 at 2013-02-06 08:29:07
You can find lots of places to search for examples at http://social.technet.microsoft.com/wiki/contents/articles/183.windows-powershell-survival-guide.aspxby JeffH at 2013-02-07 05:57:57
My Managing Active Directory with PowerShell book has a lot of examples of managing local groups. In the second edition much of that material has been moved to an appendix. You need to assemble your functions in a script that follows the mental outline you have already set up.
#List all local group names and save to a variable
#foreach group in the list, get the group members
#Connect to the remote computer
#go through the collection of groups
#create the group if it doesn’t exist
#go through the collection of each local group and add members to the remote group
Then find the code, which you might have to tweak.
Here’s some quick and dirty code to list members of a group:
$computer=$env:computername
$group="Administrators"
[ADSI]$LocalGroup="WinNT://$computer/$group,group"
$members = $LocalGroup.psbase.invoke("Members")
foreach ($member in $members) {
$name = $member.GetType().InvokeMember("Name", ‘GetProperty’, $null, $member, $null)
$ADSPath = $member.GetType().InvokeMember("ADSPath", ‘GetProperty’, $null, $member, $null)
New-Object PSObject -Property @{
Name=$name
ADSPath=$ADSPath
}
}
And to list local groups
$computer=$env:computername
[ADSI]$Server="WinNT://$computer"
$server.children | where {$_.schemaClassName -eq "group"} | Select -ExpandProperty Name
See how far you can get then post again.