Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » Group Memberships
Group Memberships [message #161637] Mon, 05 October 2009 04:56 Go to next message
Kathy  is currently offline Kathy
Messages: 58
Registered: September 2009
Member
Is there a way by which we can extract the local administrator group
memberships on all workstations? May be a script which can use an input file
with the list of computer names? I am not a scripting savvy, hence looking
for any kind of ready made script if available.
Re: Group Memberships [message #161638 is a reply to message #161637] Mon, 05 October 2009 05:09 Go to previous messageGo to next message
Marcin  is currently offline Marcin  United States
Messages: 273
Registered: July 2009
Senior Member
Kathy,
you could use the script posted at
http://www.tek-tips.com/viewthread.cfm?qid=901034

hth
Marcin

"Kathy" <Kathy@live.com> wrote in message
news:uKUhtpaRKHA.4476@TK2MSFTNGP02.phx.gbl...
> Is there a way by which we can extract the local administrator group
> memberships on all workstations? May be a script which can use an input
> file with the list of computer names? I am not a scripting savvy, hence
> looking for any kind of ready made script if available.
>
Re: Group Memberships [message #161639 is a reply to message #161637] Mon, 05 October 2009 05:23 Go to previous messageGo to next message
meiweb  is currently offline meiweb  Germany
Messages: 2225
Registered: September 2009
Senior Member
Hello Kathy,

Check out this one, from another posting:

You can use the script below to generate a report on local Administrators
and Power Users. Copy it into a text file and rename it with the .vbs extension.
Run it from the domain controller. For the computers you are auditing, you
must have Administrator privileges and be able to access the computer's RPC
ports. The output is tab delimited and can be opened in Excel.

'----------------------------------------------------------- ---------------------

Set oADInfo = CreateObject("ADSystemInfo")
Set oFso = WScript.CreateObject("Scripting.Filesystemobject")
Set oShell = WScript.CreateObject("Wscript.Shell")

LogPath = oShell.SpecialFolders("MyDocuments") + "\Privileged Local
User Audit.txt"
AdsiPath = "WinNT://" + oADInfo.DomainShortName
tab = Chr(9)

' Connect to Active Directory

Set ADComputers = GetObject(AdsiPath)
ADComputers.Filter = Array("Computer")

' Open the log file

Set oLog = oFso.CreateTextfile(LogPath, true)
oLog.WriteLine "Privileged Local Users on Computers in the " + _
oADInfo.DomainDNSName + _
" domain."
oLog.WriteLine Now
oLog.WriteLine ""
oLog.WriteLine "Computer" + tab + _
"Administrators" + tab + _
"Administrators Groups" + tab + _
"Power Users" + tab + _
"Power Users Groups"

' Check each computer

For Each oComputer in ADComputers

' Trap any errors in case the user is unauthorized, the computer is
inaccessible, etc.
On Error Resume Next

' Get the Administrators users and groups

AdminUsers = ""
AdminGroups = ""
Set objGroup = GetObject("WinNT://" & oComputer.Name & "/
Administrators")
If Not(Err.Number = 0) Then
AdminUsers = Err.Number
AdminGroups = Err.Number
End If

For Each objUser In objGroup.Members
If objUser.Class = "User" Then
AdminUsers = AdminUsers + objUser.Name + "; "
else
AdminGroups = AdminGroups + objUser.Name + "; "
end if
Next

' Get the Power Users users and groups

PowerUsers = ""
PowerGroups = ""
Set objGroup = GetObject("WinNT://" & oComputer.Name & "/Power
Users")
If Not(Err.Number = 0) Then
PowerUsers = Err.Number
PowerGroups = Err.Number
End If

For Each objUser In objGroup.Members
If objUser.Class = "User" Then
PowerUsers = PowerUsers + objUser.Name + "; "
else
PowerGroups = PowerGroups + objUser.Name + "; "
end if
Next

' Output to the log

oLog.WriteLine oComputer.Name + tab + _
AdminUsers + tab + _
AdminGroups + tab + _
PowerUsers + tab + _
PowerGroups

Next

' Close log file handle, open the log in Notepad

oLog.Close
oShell.Run "notepad.exe """ + LogPath + """"

' Clean up

Set ADComputers = Nothing
Set oADInfo = Nothing
Set oFso = Nothing
Set oLog = Nothing
Set oLog = Nothing
Set oShell = Nothing

'----------------------------------------------------------- ---------------------


Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> Is there a way by which we can extract the local administrator group
> memberships on all workstations? May be a script which can use an
> input file with the list of computer names? I am not a scripting
> savvy, hence looking for any kind of ready made script if available.
>
Re: Group Memberships [message #161649 is a reply to message #161639] Mon, 05 October 2009 07:09 Go to previous messageGo to next message
Kathy  is currently offline Kathy
Messages: 58
Registered: September 2009
Member
TY Marcin and Meinolf. Exactly what i was looking for.

I hope this script can be run from an administrative workstation instead of
DC?

"Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
news:6cb2911d6f108cc13d622b31ad3@msnews.microsoft.com...
> Hello Kathy,
>
> Check out this one, from another posting:
>
> You can use the script below to generate a report on local Administrators
> and Power Users. Copy it into a text file and rename it with the .vbs
> extension. Run it from the domain controller. For the computers you are
> auditing, you must have Administrator privileges and be able to access the
> computer's RPC ports. The output is tab delimited and can be opened in
> Excel.
>
> '----------------------------------------------------------- ---------------------
>
> Set oADInfo = CreateObject("ADSystemInfo")
> Set oFso = WScript.CreateObject("Scripting.Filesystemobject")
> Set oShell = WScript.CreateObject("Wscript.Shell")
>
> LogPath = oShell.SpecialFolders("MyDocuments") + "\Privileged Local
> User Audit.txt"
> AdsiPath = "WinNT://" + oADInfo.DomainShortName
> tab = Chr(9)
>
> ' Connect to Active Directory
>
> Set ADComputers = GetObject(AdsiPath)
> ADComputers.Filter = Array("Computer")
>
> ' Open the log file
>
> Set oLog = oFso.CreateTextfile(LogPath, true)
> oLog.WriteLine "Privileged Local Users on Computers in the " + _
> oADInfo.DomainDNSName + _
> " domain."
> oLog.WriteLine Now
> oLog.WriteLine ""
> oLog.WriteLine "Computer" + tab + _
> "Administrators" + tab + _
> "Administrators Groups" + tab + _
> "Power Users" + tab + _
> "Power Users Groups"
>
> ' Check each computer
>
> For Each oComputer in ADComputers
>
> ' Trap any errors in case the user is unauthorized, the computer is
> inaccessible, etc.
> On Error Resume Next
>
> ' Get the Administrators users and groups
>
> AdminUsers = ""
> AdminGroups = ""
> Set objGroup = GetObject("WinNT://" & oComputer.Name & "/
> Administrators")
> If Not(Err.Number = 0) Then
> AdminUsers = Err.Number
> AdminGroups = Err.Number
> End If
>
> For Each objUser In objGroup.Members
> If objUser.Class = "User" Then
> AdminUsers = AdminUsers + objUser.Name + "; "
> else
> AdminGroups = AdminGroups + objUser.Name + "; "
> end if
> Next
>
> ' Get the Power Users users and groups
>
> PowerUsers = ""
> PowerGroups = ""
> Set objGroup = GetObject("WinNT://" & oComputer.Name & "/Power
> Users")
> If Not(Err.Number = 0) Then
> PowerUsers = Err.Number
> PowerGroups = Err.Number
> End If
>
> For Each objUser In objGroup.Members
> If objUser.Class = "User" Then
> PowerUsers = PowerUsers + objUser.Name + "; "
> else
> PowerGroups = PowerGroups + objUser.Name + "; "
> end if
> Next
>
> ' Output to the log
>
> oLog.WriteLine oComputer.Name + tab + _
> AdminUsers + tab + _
> AdminGroups + tab + _
> PowerUsers + tab + _
> PowerGroups
>
> Next
>
> ' Close log file handle, open the log in Notepad
>
> oLog.Close
> oShell.Run "notepad.exe """ + LogPath + """"
>
> ' Clean up
>
> Set ADComputers = Nothing
> Set oADInfo = Nothing
> Set oFso = Nothing
> Set oLog = Nothing
> Set oLog = Nothing
> Set oShell = Nothing
>
> '----------------------------------------------------------- ---------------------
>
>
> Best regards
>
> Meinolf Weber
> Disclaimer: This posting is provided "AS IS" with no warranties, and
> confers no rights.
> ** Please do NOT email, only reply to Newsgroups
> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>
>> Is there a way by which we can extract the local administrator group
>> memberships on all workstations? May be a script which can use an
>> input file with the list of computer names? I am not a scripting
>> savvy, hence looking for any kind of ready made script if available.
>>
>
>
Re: Group Memberships [message #161652 is a reply to message #161649] Mon, 05 October 2009 09:04 Go to previous messageGo to next message
rlmueller-nospam  is currently offline rlmueller-nospam  United States
Messages: 292
Registered: July 2009
Senior Member
The scripts can be run from any computer joined to the domain. By default,
the group "Domain Admins" is a member of the local Administrators group of
every PC joined to the domain. A member of "Domain Admins" should have
sufficient permissions on all PC's.

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--

"Kathy" <Kathy@live.com> wrote in message
news:emMLF0bRKHA.3932@TK2MSFTNGP05.phx.gbl...
> TY Marcin and Meinolf. Exactly what i was looking for.
>
> I hope this script can be run from an administrative workstation instead
> of DC?
>
> "Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
> news:6cb2911d6f108cc13d622b31ad3@msnews.microsoft.com...
>> Hello Kathy,
>>
>> Check out this one, from another posting:
>>
>> You can use the script below to generate a report on local Administrators
>> and Power Users. Copy it into a text file and rename it with the .vbs
>> extension. Run it from the domain controller. For the computers you are
>> auditing, you must have Administrator privileges and be able to access
>> the computer's RPC ports. The output is tab delimited and can be opened
>> in Excel.
>>
>> '----------------------------------------------------------- ---------------------
>>
>> Set oADInfo = CreateObject("ADSystemInfo")
>> Set oFso = WScript.CreateObject("Scripting.Filesystemobject")
>> Set oShell = WScript.CreateObject("Wscript.Shell")
>>
>> LogPath = oShell.SpecialFolders("MyDocuments") + "\Privileged Local
>> User Audit.txt"
>> AdsiPath = "WinNT://" + oADInfo.DomainShortName
>> tab = Chr(9)
>>
>> ' Connect to Active Directory
>>
>> Set ADComputers = GetObject(AdsiPath)
>> ADComputers.Filter = Array("Computer")
>>
>> ' Open the log file
>>
>> Set oLog = oFso.CreateTextfile(LogPath, true)
>> oLog.WriteLine "Privileged Local Users on Computers in the " + _
>> oADInfo.DomainDNSName + _
>> " domain."
>> oLog.WriteLine Now
>> oLog.WriteLine ""
>> oLog.WriteLine "Computer" + tab + _
>> "Administrators" + tab + _
>> "Administrators Groups" + tab + _
>> "Power Users" + tab + _
>> "Power Users Groups"
>>
>> ' Check each computer
>>
>> For Each oComputer in ADComputers
>>
>> ' Trap any errors in case the user is unauthorized, the computer is
>> inaccessible, etc.
>> On Error Resume Next
>>
>> ' Get the Administrators users and groups
>>
>> AdminUsers = ""
>> AdminGroups = ""
>> Set objGroup = GetObject("WinNT://" & oComputer.Name & "/
>> Administrators")
>> If Not(Err.Number = 0) Then
>> AdminUsers = Err.Number
>> AdminGroups = Err.Number
>> End If
>>
>> For Each objUser In objGroup.Members
>> If objUser.Class = "User" Then
>> AdminUsers = AdminUsers + objUser.Name + "; "
>> else
>> AdminGroups = AdminGroups + objUser.Name + "; "
>> end if
>> Next
>>
>> ' Get the Power Users users and groups
>>
>> PowerUsers = ""
>> PowerGroups = ""
>> Set objGroup = GetObject("WinNT://" & oComputer.Name & "/Power
>> Users")
>> If Not(Err.Number = 0) Then
>> PowerUsers = Err.Number
>> PowerGroups = Err.Number
>> End If
>>
>> For Each objUser In objGroup.Members
>> If objUser.Class = "User" Then
>> PowerUsers = PowerUsers + objUser.Name + "; "
>> else
>> PowerGroups = PowerGroups + objUser.Name + "; "
>> end if
>> Next
>>
>> ' Output to the log
>>
>> oLog.WriteLine oComputer.Name + tab + _
>> AdminUsers + tab + _
>> AdminGroups + tab + _
>> PowerUsers + tab + _
>> PowerGroups
>>
>> Next
>>
>> ' Close log file handle, open the log in Notepad
>>
>> oLog.Close
>> oShell.Run "notepad.exe """ + LogPath + """"
>>
>> ' Clean up
>>
>> Set ADComputers = Nothing
>> Set oADInfo = Nothing
>> Set oFso = Nothing
>> Set oLog = Nothing
>> Set oLog = Nothing
>> Set oShell = Nothing
>>
>> '----------------------------------------------------------- ---------------------
>>
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>
>>> Is there a way by which we can extract the local administrator group
>>> memberships on all workstations? May be a script which can use an
>>> input file with the list of computer names? I am not a scripting
>>> savvy, hence looking for any kind of ready made script if available.
>>>
>>
>>
>
>
Re: Group Memberships [message #161677 is a reply to message #161649] Mon, 05 October 2009 23:26 Go to previous messageGo to next message
meiweb  is currently offline meiweb  Germany
Messages: 2225
Registered: September 2009
Senior Member
Hello Kathy,

Yes, you can as Richard already mentioned.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> TY Marcin and Meinolf. Exactly what i was looking for.
>
> I hope this script can be run from an administrative workstation
> instead of DC?
>
> "Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
> news:6cb2911d6f108cc13d622b31ad3@msnews.microsoft.com...
>
>> Hello Kathy,
>>
>> Check out this one, from another posting:
>>
>> You can use the script below to generate a report on local
>> Administrators and Power Users. Copy it into a text file and rename
>> it with the .vbs extension. Run it from the domain controller. For
>> the computers you are auditing, you must have Administrator
>> privileges and be able to access the computer's RPC ports. The output
>> is tab delimited and can be opened in Excel.
>>
>> '----------------------------------------------------------- ---------
>> ------------
>>
>> Set oADInfo = CreateObject("ADSystemInfo")
>> Set oFso = WScript.CreateObject("Scripting.Filesystemobject")
>> Set oShell = WScript.CreateObject("Wscript.Shell")
>> LogPath = oShell.SpecialFolders("MyDocuments") + "\Privileged Local
>> User Audit.txt"
>> AdsiPath = "WinNT://" + oADInfo.DomainShortName
>> tab = Chr(9)
>> ' Connect to Active Directory
>>
>> Set ADComputers = GetObject(AdsiPath)
>> ADComputers.Filter = Array("Computer")
>> ' Open the log file
>>
>> Set oLog = oFso.CreateTextfile(LogPath, true)
>> oLog.WriteLine "Privileged Local Users on Computers in the " + _
>> oADInfo.DomainDNSName + _
>> " domain."
>> oLog.WriteLine Now
>> oLog.WriteLine ""
>> oLog.WriteLine "Computer" + tab + _
>> "Administrators" + tab + _
>> "Administrators Groups" + tab + _
>> "Power Users" + tab + _
>> "Power Users Groups"
>> ' Check each computer
>>
>> For Each oComputer in ADComputers
>>
>> ' Trap any errors in case the user is unauthorized, the computer is
>> inaccessible, etc.
>> On Error Resume Next
>> ' Get the Administrators users and groups
>>
>> AdminUsers = ""
>> AdminGroups = ""
>> Set objGroup = GetObject("WinNT://" & oComputer.Name & "/
>> Administrators")
>> If Not(Err.Number = 0) Then
>> AdminUsers = Err.Number
>> AdminGroups = Err.Number
>> End If
>> For Each objUser In objGroup.Members
>> If objUser.Class = "User" Then
>> AdminUsers = AdminUsers + objUser.Name + "; "
>> else
>> AdminGroups = AdminGroups + objUser.Name + "; "
>> end if
>> Next
>> ' Get the Power Users users and groups
>>
>> PowerUsers = ""
>> PowerGroups = ""
>> Set objGroup = GetObject("WinNT://" & oComputer.Name & "/Power
>> Users")
>> If Not(Err.Number = 0) Then
>> PowerUsers = Err.Number
>> PowerGroups = Err.Number
>> End If
>> For Each objUser In objGroup.Members
>> If objUser.Class = "User" Then
>> PowerUsers = PowerUsers + objUser.Name + "; "
>> else
>> PowerGroups = PowerGroups + objUser.Name + "; "
>> end if
>> Next
>> ' Output to the log
>>
>> oLog.WriteLine oComputer.Name + tab + _
>> AdminUsers + tab + _
>> AdminGroups + tab + _
>> PowerUsers + tab + _
>> PowerGroups
>> Next
>>
>> ' Close log file handle, open the log in Notepad
>>
>> oLog.Close
>> oShell.Run "notepad.exe """ + LogPath + """"
>> ' Clean up
>>
>> Set ADComputers = Nothing
>> Set oADInfo = Nothing
>> Set oFso = Nothing
>> Set oLog = Nothing
>> Set oLog = Nothing
>> Set oShell = Nothing
>> '----------------------------------------------------------- ---------
>> ------------
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> Is there a way by which we can extract the local administrator group
>>> memberships on all workstations? May be a script which can use an
>>> input file with the list of computer names? I am not a scripting
>>> savvy, hence looking for any kind of ready made script if available.
>>>
Re: Group Memberships [message #161686 is a reply to message #161649] Tue, 06 October 2009 02:20 Go to previous messageGo to next message
meiweb  is currently offline meiweb  Germany
Messages: 2225
Registered: September 2009
Senior Member
'You can use the script below to generate a report on local Administrators and Power Users. Copy it into a text file and rename it with the .vbs extension. Run it from the domain controller. For the computers you are auditing, you must have Administrator privileges and be able to access the computer's RPC ports. The output is tab delimited and can be opened in Excel.


'----------------------------------------------------------- ---------------------

Set oADInfo = CreateObject("ADSystemInfo")
Set oFso = WScript.CreateObject("Scripting.Filesystemobject")
Set oShell = WScript.CreateObject("Wscript.Shell")

LogPath = oShell.SpecialFolders("MyDocuments") + "\Privileged LocalUser Audit.txt"
AdsiPath = "WinNT://" + oADInfo.DomainShortName
tab = Chr(9)

' Connect to Active Directory

Set ADComputers = GetObject(AdsiPath)
ADComputers.Filter = Array("Computer")

' Open the log file

Set oLog = oFso.CreateTextfile(LogPath, true)
oLog.WriteLine "Privileged Local Users on Computers in the " + _
oADInfo.DomainDNSName + _
" domain."
oLog.WriteLine Now
oLog.WriteLine ""
oLog.WriteLine "Computer" + tab + _
"Administrators" + tab + _
"Administrators Groups" + tab + _
"Power Users" + tab + _
"Power Users Groups"

' Check each computer

For Each oComputer in ADComputers

' Trap any errors in case the user is unauthorized, the computer is inaccessible, etc.
On Error Resume Next

' Get the Administrators users and groups

AdminUsers = ""
AdminGroups = ""
Set objGroup = GetObject("WinNT://" & oComputer.Name & "/Administrators")
If Not(Err.Number = 0) Then
AdminUsers = Err.Number
AdminGroups = Err.Number
End If

For Each objUser In objGroup.Members
If objUser.Class = "User" Then
AdminUsers = AdminUsers + objUser.Name + "; "
else
AdminGroups = AdminGroups + objUser.Name + "; "
end if
Next

' Get the Power Users users and groups

PowerUsers = ""
PowerGroups = ""
Set objGroup = GetObject("WinNT://" & oComputer.Name & "/PowerUsers")
If Not(Err.Number = 0) Then
PowerUsers = Err.Number
PowerGroups = Err.Number
End If

For Each objUser In objGroup.Members
If objUser.Class = "User" Then
PowerUsers = PowerUsers + objUser.Name + "; "
else
PowerGroups = PowerGroups + objUser.Name + "; "
end if
Next

' Output to the log

oLog.WriteLine oComputer.Name + tab + _
AdminUsers + tab + _
AdminGroups + tab + _
PowerUsers + tab + _
PowerGroups

Next

' Close log file handle, open the log in Notepad

oLog.Close
oShell.Run "notepad.exe """ + LogPath + """"

' Clean up

Set ADComputers = Nothing
Set oADInfo = Nothing
Set oFso = Nothing
Set oLog = Nothing
Set oLog = Nothing
Set oShell = Nothing

'----------------------------------------------------------- ---------------------

Re: Group Memberships [message #161719 is a reply to message #161686] Tue, 06 October 2009 11:16 Go to previous message
Kathy  is currently offline Kathy
Messages: 58
Registered: September 2009
Member
Thanks you everybody for the assistance, much appreciated.

"Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
news:6cb2911d70428cc1485b5f0af27@msnews.microsoft.com...
Hello Kathy,

I will add the .txt file to this posting. Using with copy and paste has some
disadvantages with line breaks. Just download the .txt and rename to .vbs

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm


> TY Marcin and Meinolf. Exactly what i was looking for.
>
> I hope this script can be run from an administrative workstation
> instead of DC?
>
> "Meinolf Weber [MVP-DS]" <meiweb@(nospam)gmx.de> wrote in message
> news:6cb2911d6f108cc13d622b31ad3@msnews.microsoft.com...
>
>> Hello Kathy,
>>
>> Check out this one, from another posting:
>>
>> You can use the script below to generate a report on local
>> Administrators and Power Users. Copy it into a text file and rename
>> it with the .vbs extension. Run it from the domain controller. For
>> the computers you are auditing, you must have Administrator
>> privileges and be able to access the computer's RPC ports. The output
>> is tab delimited and can be opened in Excel.
>>
>> '----------------------------------------------------------- ---------
>> ------------
>>
>> Set oADInfo = CreateObject("ADSystemInfo")
>> Set oFso = WScript.CreateObject("Scripting.Filesystemobject")
>> Set oShell = WScript.CreateObject("Wscript.Shell")
>> LogPath = oShell.SpecialFolders("MyDocuments") + "\Privileged Local
>> User Audit.txt"
>> AdsiPath = "WinNT://" + oADInfo.DomainShortName
>> tab = Chr(9)
>> ' Connect to Active Directory
>>
>> Set ADComputers = GetObject(AdsiPath)
>> ADComputers.Filter = Array("Computer")
>> ' Open the log file
>>
>> Set oLog = oFso.CreateTextfile(LogPath, true)
>> oLog.WriteLine "Privileged Local Users on Computers in the " + _
>> oADInfo.DomainDNSName + _
>> " domain."
>> oLog.WriteLine Now
>> oLog.WriteLine ""
>> oLog.WriteLine "Computer" + tab + _
>> "Administrators" + tab + _
>> "Administrators Groups" + tab + _
>> "Power Users" + tab + _
>> "Power Users Groups"
>> ' Check each computer
>>
>> For Each oComputer in ADComputers
>>
>> ' Trap any errors in case the user is unauthorized, the computer is
>> inaccessible, etc.
>> On Error Resume Next
>> ' Get the Administrators users and groups
>>
>> AdminUsers = ""
>> AdminGroups = ""
>> Set objGroup = GetObject("WinNT://" & oComputer.Name & "/
>> Administrators")
>> If Not(Err.Number = 0) Then
>> AdminUsers = Err.Number
>> AdminGroups = Err.Number
>> End If
>> For Each objUser In objGroup.Members
>> If objUser.Class = "User" Then
>> AdminUsers = AdminUsers + objUser.Name + "; "
>> else
>> AdminGroups = AdminGroups + objUser.Name + "; "
>> end if
>> Next
>> ' Get the Power Users users and groups
>>
>> PowerUsers = ""
>> PowerGroups = ""
>> Set objGroup = GetObject("WinNT://" & oComputer.Name & "/Power
>> Users")
>> If Not(Err.Number = 0) Then
>> PowerUsers = Err.Number
>> PowerGroups = Err.Number
>> End If
>> For Each objUser In objGroup.Members
>> If objUser.Class = "User" Then
>> PowerUsers = PowerUsers + objUser.Name + "; "
>> else
>> PowerGroups = PowerGroups + objUser.Name + "; "
>> end if
>> Next
>> ' Output to the log
>>
>> oLog.WriteLine oComputer.Name + tab + _
>> AdminUsers + tab + _
>> AdminGroups + tab + _
>> PowerUsers + tab + _
>> PowerGroups
>> Next
>>
>> ' Close log file handle, open the log in Notepad
>>
>> oLog.Close
>> oShell.Run "notepad.exe """ + LogPath + """"
>> ' Clean up
>>
>> Set ADComputers = Nothing
>> Set oADInfo = Nothing
>> Set oFso = Nothing
>> Set oLog = Nothing
>> Set oLog = Nothing
>> Set oShell = Nothing
>> '----------------------------------------------------------- ---------
>> ------------
>>
>> Best regards
>>
>> Meinolf Weber
>> Disclaimer: This posting is provided "AS IS" with no warranties, and
>> confers no rights.
>> ** Please do NOT email, only reply to Newsgroups
>> ** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm
>>> Is there a way by which we can extract the local administrator group
>>> memberships on all workstations? May be a script which can use an
>>> input file with the list of computer names? I am not a scripting
>>> savvy, hence looking for any kind of ready made script if available.
>>>
Previous Topic:Can not replicate Parent/Child DC's and can not raise forest functional level to 2008
Next Topic:dcdiag - replication Concerns
Goto Forum:
  


Current Time: Tue Jan 16 10:40:48 MST 2018

Total time taken to generate the page: 0.03997 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software