how can get all list of local administrator accounts and enabled computers on network?
You can’t, really, unless you can be sure that all computers are in AD, in which case, Get-ADComputer.
Yes all computers are in AD, I was using
Get-ADComputer -Filter * -Property * | Format-Table Name , Enabled -Wrap –Auto
but it shows me just list of computer, i also need local administrator accounts
This code i was trying, but not working. I am new in Powershell
Import-Module ActiveDirectory
$ADComputerArray = Get-ADComputer -Properties * -Filter * -SearchBase “OU=LocalAdministrators, DC=domainname,DC=ad”
foreach($ADComputer in $ADComputerArray){
$GroupMembers = Get-ADComputerMember $ADComputer
$file.WriteLine($ADComputer.Name + ":")
foreach ($member in $GroupMembers){
if ($member.objectClass -eq "user"){
$file.WriteLine($member.name)
}
}
$file.WriteLine("")
}
$file.Close()
It appears that you are coming from a background in VBScript trying to write a file on the fly. A more ‘Powershelly’ way to do it is working with objects and then exporting them to a file. The code you posted looked like you were trying to get AD computer information. It sounds like you want the members of the local administrator group on a computer. You can try the below which is something I modified to from this function.
function Get-LocalAdmin { #https://gallery.technet.microsoft.com/scriptcenter/Get-remote-machine-members-bc5faa57 param ( $ComputerName = $env:COMPUTERNAME ) if (Test-Connection -ComputerName $ComputerName -Count 2 -Quiet) { try { $admins = Get-WmiObject -Class Win32_GroupUser -ComputerName $ComputerName -ErrorAction Stop | Where {$_.GroupComponent –like '*"Administrators"'} $localAdmins = foreach ($admin in $admins) { $admin.partcomponent –match “.+Domain\=(.+)\,Name\=(.+)$” > $nul $matches[1].trim('"') + “\” + $matches[2].trim('"') } $props = @{ ComputerName = $ComputerName LocalAdmins = $localAdmins Status = "Success" } } catch { $props = @{ ComputerName = $ComputerName LocalAdmins = @() Status = "Failed. WMI Error connecting to {0}. {1}" -f $ComputerName, $_.Exception.Message } } } else { $props = @{ ComputerName = $ComputerName LocalAdmins = @() Status = "Ping Failed. {0} is offline." -f $ComputerName } } New-Object -TypeName PSObject -Property $props } $computers = Get-ADComputer -Properties * -Filter * -SearchBase "OU=LocalAdministrators,DC=domainname,DC=ad" $results = foreach($computer in $computers){ Get-LocalAdmin -ComputerName $computer.Name } $results
Output:
PS C:\WINDOWS\system32> Get-LocalAdmin Status ComputerName LocalAdmins ------ ------------ ----------- Success MY-PC {MY-PC\Administrator, MY-PC\Rob}
Once you have the results, you would export them to a CSV or better yet use Powershell to run queries against the $results:
$results | Select Status, ComputerName, @{Name="LocalAdmins";Expression={$_.LocalAdmins -join ","}} | Export-CSV C:\Scripts\LocalAdmin.csv -NoTypeInformation
Thank you very much, it helped me a lot
But is it possible to get list of all computers on AD and return list of local administrator accounts and the enabled\disabled status of those accounts using one script
Forexample:
ComputerName Status Local Administrator
Thanks