Finding servers containing specific domain groups



    by rambog at 2012-10-09 13:26:49

    I have a list of domain groups which I am trying to scan the servers in the domain which contain them within each server's local groups. I essentially took code from http://poshcode.org/544 and amended it to suit my needs. The code is replicated below as well as the output. I am wondering how I can display ONLY the servers which contain the specified domain groups. It appears that it shows all groups and specifies whether true or false on each server. Thanks.

    # Domain groups to look for, one name per line
    $ChildGroups = Get-Content -Path "c:\test\Groups\CORP_groups.txt"
    $LocalGroup = @("Administrators", "Remote Desktop Users", "Power Users")
    # Get the list of servers to scan
    $arrayComputer = Get-QADComputer -SearchRoot 'lab.labdomain.org/Servers' | Select-Object -ExpandProperty Name
    foreach ($Server in $arrayComputer) {
        foreach ($LocalGroupItem in $LocalGroup) {
            # Reset for each server and local group so members found earlier do not carry over
            $MemberNames = @()
            $Group = [ADSI]"WinNT://$Server/$LocalGroupItem,group"
            $Members = @($Group.psbase.Invoke("Members"))
            $Members | ForEach-Object {
                $MemberNames += $_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)
            }
            # One row per domain group, whether it is a member or not
            $ChildGroups | ForEach-Object {
                $output = "" | Select-Object Server, Group, InLocalAdmin
                $output.Server = $Server
                $output.Group = $_
                $output.InLocalAdmin = $MemberNames -contains $_
                Write-Output $output
            }
        }
    }

    Server1 DomainGroup1 false
    Server1 DomainGroup2 false
    Server1 DomainGroup3 false
    etc., etc.

    by mikefrobbins at 2012-10-24 09:00:53

    Place the Write-Output cmdlet in an "If" construct so it only writes output if $output.InLocalAdmin is $true:

    # Domain groups to look for, one name per line
    $ChildGroups = Get-Content -Path "c:\test\Groups\CORP_groups.txt"
    $LocalGroup = @("Administrators", "Remote Desktop Users", "Power Users")
    # Get the list of servers to scan
    $arrayComputer = Get-QADComputer -SearchRoot 'lab.labdomain.org/Servers' | Select-Object -ExpandProperty Name
    foreach ($Server in $arrayComputer) {
        foreach ($LocalGroupItem in $LocalGroup) {
            # Reset for each server and local group so members found earlier do not carry over
            $MemberNames = @()
            $Group = [ADSI]"WinNT://$Server/$LocalGroupItem,group"
            $Members = @($Group.psbase.Invoke("Members"))
            $Members | ForEach-Object {
                $MemberNames += $_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)
            }
            $ChildGroups | ForEach-Object {
                $output = "" | Select-Object Server, Group, InLocalAdmin
                $output.Server = $Server
                $output.Group = $_
                $output.InLocalAdmin = $MemberNames -contains $_
                # Only emit rows where the domain group is a member
                If ($output.InLocalAdmin -eq $true) {
                    Write-Output $output
                }
            }
        }
    }
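An audit-oriented variant of the scan in this thread, added here as an example and not part of either post: it emits only matches, records which local group granted the access, skips servers that cannot be read, and matches on the domain-qualified ADsPath so a local account with the same name is not reported. The function names, the `-Domain` and `-MemberSource` parameters, and the sample data are assumptions made for illustration.

```powershell
# Added example: server names, the LAB domain and the member paths are constructed.
function Get-LocalGroupMemberPath {
    param([string]$Server, [string]$LocalGroup)
    # Same WinNT provider call as in the thread, but reading ADsPath
    # (WinNT://LAB/DomainGroup1) instead of the bare Name.
    $group = [ADSI]"WinNT://$Server/$LocalGroup,group"
    @($group.psbase.Invoke('Members')) | ForEach-Object {
        $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
    }
}

function Find-DomainGroupInLocalGroup {
    param(
        [string[]]$Server,
        [string[]]$LocalGroup,
        [string[]]$DomainGroup,   # names as listed in CORP_groups.txt
        [string]$Domain,          # NetBIOS domain name (assumed: LAB)
        [scriptblock]$MemberSource = { param($s, $g) Get-LocalGroupMemberPath -Server $s -LocalGroup $g }
    )
    foreach ($s in $Server) {
        foreach ($lg in $LocalGroup) {
            try {
                # Fresh list per server and local group, so nothing carries over.
                $paths = @(& $MemberSource $s $lg)
            } catch {
                Write-Warning "Could not read '$lg' on ${s}: $($_.Exception.Message)"
                continue
            }
            foreach ($dg in $DomainGroup) {
                # Local accounts appear as WinNT://DOMAIN/COMPUTER/Name and do not match.
                if ($paths -contains "WinNT://$Domain/$dg") {
                    [pscustomobject]@{ Server = $s; LocalGroup = $lg; DomainGroup = $dg }
                }
            }
        }
    }
}

# Constructed membership data standing in for live servers.
$fake = @{
    'Server1|Administrators' = 'WinNT://LAB/Domain Admins', 'WinNT://LAB/Server1/Administrator'
    'Server2|Administrators' = 'WinNT://LAB/DomainGroup1', 'WinNT://LAB/Server2/DomainGroup2'
}
Find-DomainGroupInLocalGroup -Server Server1, Server2 -LocalGroup Administrators `
    -DomainGroup DomainGroup1, DomainGroup2 -Domain LAB `
    -MemberSource { param($s, $g) $fake["$s|$g"] }
```

Omit `-MemberSource` to query live servers through the WinNT provider; the constructed data is there so the matching logic can be checked offline.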
