January 1, 2012 at 12:00 am

by rambog at 2012-10-09 13:26:49

I have a list of domain groups, and I am trying to scan the servers in the domain to find which ones contain them within each server's local groups. I essentially took code from http://poshcode.org/544 and amended it to suit my needs. The code is replicated below, as well as the output. I am wondering how I can display ONLY the servers which contain the specified domain groups. It appears that it shows all groups and specifies whether true or false on each server. Thanks.

$ChildGroups = Get-Content -Path "c:\test\Groups\CORP_groups.txt"
$LocalGroup = @("Administrators", "Remote Desktop Users", "Power Users")
# Get the list of servers to scan
$arrayComputer = Get-QADComputer -SearchRoot 'lab.labdomain.org/Servers' | Select-Object -ExpandProperty Name
foreach ($Server in $arrayComputer) {
    foreach ($LocalGroupItem in $LocalGroup) {
        # Reset for every server and local group so earlier members do not carry over
        $MemberNames = @()
        $Group = [ADSI]"WinNT://$Server/$LocalGroupItem,group"
        $Members = @($Group.psbase.Invoke("Members"))
        # Collect the name of each member of this local group
        $Members | ForEach-Object {
            $MemberNames += $_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)
        }
        # One output row per domain group, true or false
        $ChildGroups | ForEach-Object {
            $output = "" | Select-Object Server, Group, InLocalAdmin
            $output.Server = $Server
            $output.Group = $_
            $output.InLocalAdmin = $MemberNames -contains $_
            Write-Output $output
        }
    }
}

Server1 DomainGroup1 false
Server1 DomainGroup2 false
Server1 DomainGroup3 false
etc., etc.

by mikefrobbins at 2012-10-24 09:00:53

Place the Write-Output cmdlet in an "If" construct so it only writes output if $output.InLocalAdmin is $true:

$ChildGroups = Get-Content -Path "c:\test\Groups\CORP_groups.txt"
$LocalGroup = @("Administrators", "Remote Desktop Users", "Power Users")
# Get the list of servers to scan
$arrayComputer = Get-QADComputer -SearchRoot 'lab.labdomain.org/Servers' | Select-Object -ExpandProperty Name
foreach ($Server in $arrayComputer) {
    foreach ($LocalGroupItem in $LocalGroup) {
        # Reset for every server and local group so earlier members do not carry over
        $MemberNames = @()
        $Group = [ADSI]"WinNT://$Server/$LocalGroupItem,group"
        $Members = @($Group.psbase.Invoke("Members"))
        # Collect the name of each member of this local group
        $Members | ForEach-Object {
            $MemberNames += $_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)
        }
        $ChildGroups | ForEach-Object {
            $output = "" | Select-Object Server, Group, InLocalAdmin
            $output.Server = $Server
            $output.Group = $_
            $output.InLocalAdmin = $MemberNames -contains $_
            # Only write the row when the domain group is a member
            if ($output.InLocalAdmin -eq $true) {
                Write-Output $output
            }
        }
    }
}
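
A variant of the audit discussed in this thread, as an added example that is not part of either post: it returns only the matches, records which local group each domain group was found in, builds the member list fresh for every server and local group, and skips servers that cannot be read. The function names, the -GetMembers parameter and the sample data are hypothetical, and [pscustomobject] assumes PowerShell 3.0 or later.

```powershell
# Added example; function and parameter names are hypothetical.
function Get-LocalGroupMemberName {
    param([string]$Server, [string]$LocalGroup)
    # Same WinNT ADSI calls as the thread's script.
    $group = [ADSI]"WinNT://$Server/$LocalGroup,group"
    @($group.psbase.Invoke("Members")) | ForEach-Object {
        $_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)
    }
}

function Find-DomainGroupInLocalGroup {
    param(
        [string[]]$Server,
        [string[]]$LocalGroup,
        [string[]]$DomainGroup,
        # Swappable lookup so the matching logic can be exercised offline.
        [scriptblock]$GetMembers = { param($s, $g) Get-LocalGroupMemberName -Server $s -LocalGroup $g }
    )
    foreach ($s in $Server) {
        foreach ($lg in $LocalGroup) {
            try {
                # A fresh member list per server and local group.
                $members = @(& $GetMembers $s $lg)
            } catch {
                Write-Warning "Could not read '$lg' on ${s}: $($_.Exception.Message)"
                continue
            }
            foreach ($dg in $DomainGroup) {
                if ($members -contains $dg) {
                    [pscustomobject]@{ Server = $s; LocalGroup = $lg; DomainGroup = $dg }
                }
            }
        }
    }
}

# Constructed sample data standing in for live servers.
$sample = @{
    'Server1/Administrators'       = @('Administrator', 'Domain Admins', 'DomainGroup1')
    'Server1/Remote Desktop Users' = @()
    'Server2/Administrators'       = @('Administrator', 'Domain Admins')
    'Server2/Remote Desktop Users' = @('DomainGroup2')
}
$lookup = { param($s, $g) $sample["$s/$g"] }

Find-DomainGroupInLocalGroup -Server 'Server1', 'Server2' -GetMembers $lookup `
    -LocalGroup 'Administrators', 'Remote Desktop Users' `
    -DomainGroup 'DomainGroup1', 'DomainGroup2', 'DomainGroup3' | Format-Table -AutoSize
```

Omitting -GetMembers makes the function query each server through the WinNT provider, as the thread's script does.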