Script to get user ids on remote servers.

This topic contains 5 replies, has 3 voices, and was last updated by  VT 2 months, 2 weeks ago.

  • #76642

    VT
    Participant

    Hi there... I am trying to get local users & admin group user ids on remote servers. I got a script that's working (mentioned below); I don't take credit for it myself, as I got some assistance with it. While using that script, I got some errors even when I target some of the new Server 2012 servers.

    $Output = "C:\Temp\Users-GroupMember\UserInfo.rtf"
    $Servers = Get-Content -Path "C:\Temp\Users-GroupMember\Servers.txt"

    foreach ($Servers in $Servers)
    {
        # 1. To get Local Administrators group Members
        Write-Output "1. *****Administrators group Members for the Server mentioned above****" | Out-File $Output -Append

        $localgroup = "Administrators"
        $Group = [ADSI]"WinNT://$Servers/$LocalGroup,group"
        $members = $Group.psbase.Invoke("Members")
        $members | ForEach-Object { $_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null) } | Out-File $Output -Append

        # 2. Local user information
        Write-Output "2. *****Local user information for the Server mentioned above*****" | Out-File $Output -Append

        $adsi = [ADSI]"WinNT://$Servers"
        $adsi.Children | where {$_.SchemaClassName -eq 'user'} | ForEach-Object { $_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null) } | Out-File $Output -Append
    }

    The error I got was:

     Exception calling "Invoke" with "2" argument(s): "The network path was not found
    At C:\Temp\Users-GroupMember\Users-GroupMember.ps1:17 char:32
    
    + FullyQualifiedErrorId : DotNetMethodException
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + $members = $Group.psbase.Invoke <<<< ("Members")
    

    When I was researching this error, I came across a blog about enabling CredSSP on Windows servers (even though that was for the vCO PowerShell plugin). In it, he had mentioned:

    "By default, PowerShell remoting authenticates using a “Network Logon”. Network Logons work by proving to the remote server that you have possession of the user's credential without sending the credential to that server (see Kerberos and NTLM authentication). Because the remote server doesn't have possession of your credential, when you try to make the second hop (from Server A to Server B) it fails because Server A doesn't have a credential to authenticate to Server B with.

    To get around this issue, PowerShell provides the CredSSP (Credential Security Support Provider) option. When using CredSSP, PowerShell will perform a “Network Clear-text Logon” instead of a “Network Logon”. Network Clear-text Logon works by sending the user's clear-text password to the remote server. When using CredSSP, Server A will be sent the user's clear-text password, and will therefore be able to authenticate to Server B. Double hop works!"

    Can you please share your thoughts on whether we need to do the same on Server 2012 servers as well?

  • #76668

    Simon B
    Participant

    Just a thought. Should it not be

    foreach ($Server in $Servers)

    And then use $server in the for loop, as $servers could contain multiple server names.

    • #76732

      VT
      Participant

      Thanks for that thought, Simon B. I tested both ways, and it worked fine. My apologies for the delayed reply. But I think that shouldn't cause that error.

  • #78994

    VT
    Participant

    I think I found the issue. I have a base server (which is in the 172.128.x.x subnet – for example) to run that script. When I update the ServerNames.txt file with different server names (which will be in different subnets – 192.168.x.x, 10.10.x.x & ...) and run that script, it's not getting the result the script should generate as expected. But when I copy the script to a server (which is in the 10.12.x.x subnet) and run it against groups of 100 or more servers in the same 10.12.x.x subnet, it works fine.

    I really appreciate everyone who assisted in this. I thought I would update and let you know...

    • #79004

      DanT
      Participant

      Hi VT,

      If you wanted to handle that connection issue in a more graceful way, you could run Test-Connection against your $Servers array, and create two new arrays (and/or log files) based on servers you can and can't connect to – and then only perform your foreach loop on the accessible ones.

      Quick and dirty example:

      Dan
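One way to implement the reachability pre-check Dan describes, as an added example that is not part of the original post or Dan's own code. The output file names `Unreachable.txt` and `UserInfo.csv` are assumptions; the input path comes from VT's script.

```powershell
# Added example. Output file names are assumed; the input path is from the script above.
$reportDir  = 'C:\Temp\Users-GroupMember'
$serverList = Get-Content -Path (Join-Path $reportDir 'Servers.txt')

$reachable   = @()
$unreachable = @()

# Split the list by ICMP reachability. -Quiet returns $true/$false instead of an error.
foreach ($server in $serverList) {
    if (Test-Connection -ComputerName $server -Count 1 -Quiet) {
        $reachable += $server
    } else {
        $unreachable += $server
    }
}
$unreachable | Out-File (Join-Path $reportDir 'Unreachable.txt')

# A ping reply does not prove the WinNT provider can connect (it also needs SMB/RPC
# through any firewall between subnets), so each query is still wrapped in try/catch
# and the failure is recorded per server instead of stopping the run.
$results = foreach ($server in $reachable) {
    try {
        $group  = [ADSI]"WinNT://$server/Administrators,group"
        $admins = $group.psbase.Invoke('Members') | ForEach-Object {
            $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
        }
        $users = ([ADSI]"WinNT://$server").Children |
            Where-Object { $_.SchemaClassName -eq 'user' } |
            ForEach-Object { $_.Name.Value }
        New-Object PSObject -Property @{
            Server = $server; Status = 'OK'
            Administrators = $admins -join ';'; LocalUsers = $users -join ';'
        }
    } catch {
        New-Object PSObject -Property @{
            Server = $server; Status = "Failed: $($_.Exception.Message)"
            Administrators = ''; LocalUsers = ''
        }
    }
}

# One row per server, so a gap in the audit is visible next to the successful results.
$results | Select-Object Server, Status, Administrators, LocalUsers |
    Export-Csv (Join-Path $reportDir 'UserInfo.csv') -NoTypeInformation
```

Recording the server name and a status on every row also makes it clear which host each list of administrators belongs to, and which hosts were never audited.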

    • #79055

      VT
      Participant

      Thanks for that Dan, I think it will help. I will try that and will update.
