Script trying to check all Servers for user group

PowerShell Help
1

I’m relatively new to PS. I’m trying to get a list of all servers that might have a certain user group. When I run the script below I get this for every server in the list
“Error: A parameter cannot be found that matches parameter name ‘ComputerName’.”
Can anyone tell me what I’m doing wrong please?

Import the Active Directory module

Import-Module ActiveDirectory

Define the path to the computer names file

$computerListPath = “C:\Reports\AllServers.txt” # Change this to the path of your computer names file

Define the specific user you are searching for

$specificUser = “domain\usergroup” # Replace with the specific user you are looking for

Read the computer names from the file

$computers = Get-Content -Path $computerListPath

Create an array to store results

$results = @()

Loop through each computer and check the local Administrators group

foreach ($computer in $computers) {
try {
# Get the local administrators group members
$localAdmins = Get-LocalGroupMember -Group “Administrators” -ComputerName $computer

    # Check if the specific user is in the local administrators group
    if ($localAdmins.Name -contains $specificUser) {
        $results += "$specificUser is a member of the Administrators group on $computer"
    } else {
        $results += "$specificUser is NOT a member of the Administrators group on $computer"
    }
} catch {
    $results += "Could not access $computer. Error: $_"
}

}

Output results to a file

$results | Out-File -FilePath “C:\Reports\results.txt” # Change this to your desired output file path

2

For starters it helps if you format all of your code in one chunk. Otherwise it’s hard to read.

Also if you run Get-Help Get-LocalgroupMember you’ll have your answer of why that doesn’t work, but also your error is telling you what the Get-Help will in that that cmdlet has no ComputerName parameter.

You’ll need to use something like Invoke-Command

3

You can also use ADSI if you dont want to mess with remote powershell and or have to deal with remote systems with older versions of PowerShell. Google is your friend here.

4

How can I use ADSI to get the servers with certain user groups? I’m not familiar myself.

5 
Here is the current script I'm trying to make work.  My results are "not found" on all 3000+ servers.  I've tried admin groups and get the same result so something is missing or configured wrong.

$groupName = Read-Host "Enter Group Name"
$servers = Get-ADComputer -Filter {OperatingSystem -like "*Server*"} | Select-Object -ExpandProperty Name
$results = foreach ($server in $servers) {
    try {
        $group = Get-LocalGroup -Name $groupName -ComputerName $server -ErrorAction Stop
        [PSCustomObject]@{
            Server = $server
            Group  = $groupName
            Status = "Found"
        }
    }
    catch {
        [PSCustomObject]@{
            Server = $server
            Group  = $groupName
            Status = "Not Found"
        }
    }
}
$results | Export-Csv -Path c:\Reports\Test.csv
6

When you post code, sample data, console output or error messages please format it as code using the preformatted text button ( </> ). Simply place your cursor on an empty line, click the button and paste your code.

Thanks in advance

Guide to Posting Code - Redux <---- Click :point_up_2:t4: :wink:

( !! Sometimes the preformatted text button hides behind the settings gear symbol. :wink: )

1 Like
7

Thanks for the tip, Olaf! I made the change to last code post so hope this helps.

8

The issue is like @neemobeer said, there is no -ComputerName parameter on Get-LocalGroup.

In your original unformatted code it looks like you’re trying to get the members of a local group and then check it against a specific AD user your provided. End result is an array of text strings.

In your formatted code you’re now looking for a specific local group and outputting a PSCustomObject with the result. Either way though you’re adding a non-existent parameter to teh Get-LocalGroup* cmdlet.
If you want to run code against a remote machine you’ll have to put your Get-LocalGroup* command inside a scriptblock with Invoke-Command.

Here’s an example (I have not tested)

$groupName = Read-Host "Enter Group Name"
$servers = Get-ADComputer -Filter {OperatingSystem -like "*Server*"} | Select-Object -ExpandProperty Name
$results = foreach ($server in $servers) {
    try {
        $group = Invoke-Command -ComputerName $server -ScriptBlock {Get-LocalGroup -Name $Using:groupName -ErrorAction SilentlyContinue} -ErrorAction Stop
        if ($group.Name) {
            $Status = "Found"
        } else {
            $Status = "Not Found"
        }
    }
    catch {
        $Status = "Failed to Connect"
    }
    [PSCustomObject]@{
        Server = $server
        Group = $groupName
        Status = $Status
    }
}
$results | Export-Csv -Path c:\Reports\Test.csv

Couple things here:
We’re using Invoke-Command so that we can execute Get-LocalGroup on each server.
Rather than catching the terminating error from Get-LocalGroup failing to find the group we’re going to catch errors with Invoke-Command failing to connect to a server, or run code against a server.
Get-LocalGroup is set to SilentlyContinue in the event of an error. This way the $group variable will contain something if the group is found, and will be empty if the group is not found.
I’m a big fan minimizing repeated code so I moved the object output outside of the try/catch and define the $Status variable in one of three ways depending on how it goes.

9

This is a terrible design for quickly querying many servers since servers are referenced one by one using a loop. I’d avoid this if you have many servers to query.

10

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.