Script to get user ids on remote servers.

This topic contains 2 replies, has 2 voices, and was last updated by  VT 2 weeks, 1 day ago.

  • Author
    Posts
  • #76642

    VT
    Participant

    Hi there...I am trying to get local users & admin group user ids on remote servers. I got a script that's working (mentioned below), I dont take credit to myself as I got some assistance in that. While using that script, I got some errors even when I target on some of new Server 2012 servers.

    $Output = "C:\Temp\Users-GroupMember\UserInfo.rtf"
    $Servers = Get-Content -Path "C:\Temp\Users-GroupMember\Servers.txt"
    
    foreach ($Servers in $Servers)
    
    {
    # 1. To get Local Administrators group Members
    
    Write-Output "1. *****Administrators group Members for the Server mentioned above****" |out-file $Output -Append
    
    $localgroup = "Administrators"
    $Group= [ADSI]"WinNT://$Servers/$LocalGroup,group" 
    $members = $Group.psbase.Invoke("Members")
    $members | ForEach-Object { $_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null) } | Out-File $Output -Append
    
    # 2. Local user information
    
    Write-Output "2. *****Local user information for the Server mentioned above*****" | out-file $Output -Append
    
    $adsi = [ADSI]"WinNT://$Servers"
    $adsi.Children | where {$_.SchemaClassName -eq 'user'} | Foreach-Object {$_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)} | out-file $Output -Append
    } 

    Error, I got was

     Exception calling "Invoke" with "2" argument(s): "The network path was not found
    At C:\Temp\Users-GroupMember\Users-GroupMember.ps1:17 char:32
    
    + FullyQualifiedErrorId : DotNetMethodException
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + $members = $Group.psbase.Invoke < <<< ("Members")
    

    When I was researching about this error, I came to know about this blog about enabling CredSSP in Windows servers (even though that for vCO powershell plugin. In that he had mentioned –

    "By default, PowerShell remoting authenticates using a “Network Logon”. Network Logons work by proving to the remote server that you have possession of the users credential without sending the credential to that server (see Kerberos and NTLM authentication). Because the remote server doesn't have possession of your credential, when you try to make the second hop (from Server A to Server B) it fails because Server A doesn't have a credential to authenticate to Server B with.

    To get around this issue, PowerShell provides the CredSSP (Credential Security Support Provider) option. When using CredSSP, PowerShell will perform a “Network Clear-text Logon” instead of a “Network Logon”. Network Clear-text Logon works by sending the user's clear-text password to the remote server. When using CredSSP, Server A will be sent the user's clear-text password, and will therefore be able to authenticate to Server B. Double hop works!"

    Can you pls share you thoughts if we need to do the same in server 2012 servers as well.

  • #76668

    Simon B
    Participant

    Just a thought. Should it not be

    foreach ($Server in $Servers)

    And then use $server in the for loop as $servers could contain multiple server names

    • #76732

      VT
      Participant

      Thanks for that thought Simon B. I tested both ways, it worked fine. My apologies for delayed reply. But I think thats shouldn't cause that error.

You must be logged in to reply to this topic.