The following script lists all users in the local administrators group for all windows servers in the domainCouple of things:
- Get-ADComputer cmdlet can change to filter whatever you want. In my case I had 600 servers I wanted to check, but you could do windows 7 workstations just the same
- The Computer you are scanning needs to be turned on!
- No need to test-connection to check if the computer is on as the ADSI call errors quickly
- As it is an ADSI call it just errors automatically , as it is not a cmdlet (so no -erroraction stop parameter required for the try /catch function)
- I am using a try/catch so that even if the computer is not turned on, you still get output to the CSV
#Get all Computers where the operating system is reported as starting with windows server #eliminates windows 7,8,10 etc $Servers = Get-ADComputer -Filter ' OperatingSystem -like "Windows Server*" ' -properties OperatingSystem $i = 1 $CSV = foreach ($Server in $Servers) { Write-Progress -Activity " $i of $($Servers.count)" #Write aprogress bar so we know how fast we are gooing and how many we have try #Try to connect to the server and get details no need for -erroraction stop for some reason??? { $LocalAdmin = ([ADSI]"WinNT://$($server.name)/Administrators").psbase.invoke('Members') | %{$_.gettype().invokemember('Name', 'getproperty',$null,$_,$null)} for ($n = 1; $n -lt $LocalAdmin.count; $n++) { [PSCustomObject] @{Server = $Server.Name;OperatingSystem = $Server.OperatingSystem; LocalAdmin = $LocalAdmin[$n]} } } catch #could not connect to server, so put a record in saying that { [PSCustomObject] @{Server = $Server.Name; OperatingSystem = $Server.OperatingSystem;LocalAdmin = 'Error accessing server'} } $i++ } $csv | export-csv -NoTypeInformation -path .\localadmin.csv