Rights on computer objects through AD


Solo

Hi,

Is there a script that I can use through Active Directory that would tell me
which users have administrator rights on their machines? I was thinking
along the lines of the output being a text file with each administrator group
being listed and the members of that group listed for each machine.

Any suggestions welcome
thanks in advance
S.
 
Const ForReading = 1, ForWriting = 2, ForAppending = 8

Dim strAcctName

Set oShell = CreateObject("wscript.shell")
Set oFSO = CreateObject("Scripting.FileSystemObject")
Set OutputFile = oFSO.CreateTextFile("FindUserinLocalAdmins.txt", True)
Set InputFile = oFSO.OpenTextFile("ComputerNameList.txt", ForReading)

strUserName = Trim(InputBox("Enter name of user: ", "LocalAdmin_Find"))

On Error Resume Next
Do While InputFile.AtEndOfStream <> True
    ReadLineTextFile = InputFile.ReadLine
    ' Clear any error left over from the previous machine
    Err.Clear
    Set objWMIService = GetObject("winmgmts:\\" & ReadLineTextFile & "\root\cimv2")
    If Err.Number <> 0 Then
        OutputFile.WriteLine "Error connecting to WMI on " & ReadLineTextFile
    Else
        Set oGroup = GetObject("WinNT://" & ReadLineTextFile & "/Administrators,group")
        If Err.Number <> 0 Then
            ' Bind failed: log it rather than reuse the previous machine's group
            OutputFile.WriteLine "Error reading Administrators group on " & ReadLineTextFile
        Else
            For Each item In oGroup.Members
                OutputFile.WriteLine item.Name
                ' Account names are not case-sensitive, so compare as text
                If StrComp(item.Name, strUserName, vbTextCompare) = 0 Then
                    OutputFile.WriteLine "User is a member of local admins on " & ReadLineTextFile
                End If
            Next
        End If
    End If
Loop


' The "ComputerNameList.txt" file will contain a list of computer names to check
 
Hi Chris,

Thanks for your reply. I'm wondering if you could explain the below script
in a little more detail as I am not that hot with scripts...
A few questions if you please.

How do I run this script against Active Directory? Do I run this locally
or does it need to reside elsewhere?
I assume I save the script as (eg) .vbs?

thanks again
 
S,

The directory doesn't store that information.

What Chris' script does is this:
You provide a username in a dialog box.
You provide a list of machines in a file called (ComputerNameList.txt)
The script reaches out to each machine on the list and searches the
local admin group for the username you entered in the prompt. If it
finds a match, it notes it in a file called
FindUserinLocalAdmins.txt

Basically, each run of the script searches lots of machines for a
single ID.

With a small tweak you could list all the administrator accounts for
all the machines in your list. Is that what you're looking to do?

Tim Olsen
 
Hi Tim,

I can provide a list of machine names, but I don't want to enter a single
ID. So, you were saying about listing all the administrator accounts for the
machines listed in a text file. That would be perfect. Can you tweak the
script to offer that?

thanks for help
S.
 
Here you go... be careful with line wrap when you paste it into your
editor.


' Lists local admins
' Requires ComputerNameList.txt: a list of computers, one per line, no blank lines, no trailing spaces.
' Creates FindUserinLocalAdmins.txt: a list of all the admins on each machine in ComputerNameList.txt
'
' With apologies to Chris Malone, the original author.

On Error Resume Next
Const ForReading = 1, ForWriting = 2, ForAppending = 8

Set oShell = CreateObject("wscript.shell")
Set oFSO = CreateObject("Scripting.FileSystemObject")
Set OutputFile = oFSO.CreateTextFile("FindUserinLocalAdmins.txt", True)
Set InputFile = oFSO.OpenTextFile("ComputerNameList.txt", ForReading)

' Read the input file in its entirety, convert it into an array
ListofMachines = Split(InputFile.ReadAll, vbCrLf)

For Each strComputername In ListofMachines
    ' Clear any error left over from the previous machine
    Err.Clear
    ' See if the machine is ~online:
    Set objWMIService = GetObject("winmgmts:\\" & strComputername & "\root\cimv2")
    If Err.Number <> 0 Then
        ' It's not available, so log it. The first line logs to a file, the second to the screen.
        OutputFile.WriteLine "Error connecting to WMI on " & strComputername
        WScript.StdOut.WriteLine "Error connecting to WMI on " & strComputername
    Else
        OutputFile.WriteLine strComputername & " Administrators:"
        WScript.StdOut.WriteLine strComputername
        ' Use the ADSI WinNT provider to connect to the machine's admin group.
        ' Clear first: WScript.StdOut raises an error when not run under cscript.exe.
        Err.Clear
        Set oGroup = GetObject("WinNT://" & strComputername & "/Administrators,group")
        If Err.Number <> 0 Then
            ' Bind failed: log it rather than reuse the previous machine's group
            OutputFile.WriteLine "Error reading Administrators group on " & strComputername
        Else
            ' Dump out each admin name
            For Each member In oGroup.Members
                OutputFile.WriteLine vbTab & member.Name
                WScript.StdOut.WriteLine vbTab & member.Name
            Next
        End If
    End If
Next
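
One way to review the resulting FindUserinLocalAdmins.txt, added here as an example and not part of the thread: the Python below parses the report format the script above writes and groups accounts outside an expected set by the machines where they hold local admin rights. The EXPECTED set, the audit function name and the sample report contents are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the format written to FindUserinLocalAdmins.txt
# (machine and account names are made up).
SAMPLE_REPORT = (
    "PC-001 Administrators:\n\tAdministrator\n\tDomain Admins\n\tjsmith\n"
    "Error connecting to WMI on PC-002\n"
    "PC-003 Administrators:\n"
    "PC-004 Administrators:\n\tAdministrator\n\tJSmith\n\thelpdesk-temp\n"
)

# Assumption: accounts this site expects in every local Administrators group.
EXPECTED = {"administrator", "domain admins"}

ERR_RE = re.compile(r"Error connecting to WMI on (.+)$")
HEAD_RE = re.compile(r"(.+) Administrators:$")


def audit(report, expected=EXPECTED):
    """Return (unexpected, unreachable, empty) parsed from the report text.

    unexpected:  lower-cased account -> sorted machines where it is an admin
    unreachable: machines logged with a WMI connection error
    empty:       machines with a header but no members (re-check by hand)
    """
    unexpected = defaultdict(set)
    unreachable, counts, current = [], {}, None
    for raw in report.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if raw.startswith("\t"):          # member line under the last header
            if current is not None:
                counts[current] += 1
                if line.strip().lower() not in expected:
                    unexpected[line.strip().lower()].add(current)
            continue
        err, head = ERR_RE.match(line), HEAD_RE.match(line)
        if err:
            unreachable.append(err.group(1))
            current = None
        elif head:
            current = head.group(1)
            counts[current] = 0
    empty = [m for m, n in counts.items() if n == 0]
    by_account = {a: sorted(ms) for a, ms in unexpected.items()}
    return by_account, unreachable, empty
```

To run it on a real report, pass the file's text to audit(), for example audit(open("FindUserinLocalAdmins.txt").read()). Account names are compared case-insensitively, so "jsmith" and "JSmith" count as the same account.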
 