Powershell Script

  • General discussion

  • Hi, 

    I need a script that will look through AD and check if computers have a certain local admin account. 

    If that local admin account is on the computers I would like to remove the account and add another local admin account.

    • Changed type Bill_Stewart Friday, March 15, 2019 3:14 PM
    • Moved by Bill_Stewart Friday, March 15, 2019 3:17 PM This is not "scripts on demand"
    Friday, December 14, 2018 5:18 PM

All replies

  • Read this first:

    This forum is for scripting questions rather than script requests


    -- Bill Stewart [Bill_Stewart]

    Friday, December 14, 2018 5:42 PM
  • Are you looking for advice on how to approach scripting this? You may not have meant to, but this reads like you are placing an order. If you want someone to write a script for you, ask the forum who would like to do that for hire. This forum is meant to assist and guide; it isn't a free script factory. Have you looked in the script repository? That is where people share the scripts they are willing to give away to the community.

    Sean McNamara Unified Communications Engineer SPX Corporation

    Monday, December 17, 2018 1:44 PM
  • AD has no information about local accounts on computers. AD can only tell you what computers are joined to the domain. A script would need to enumerate the computer names, then use WMI to connect to each, then enumerate the members of the local Administrators group, and check for the specified name. The script would need to handle the case where the local computer is not available.

    The best way to manage membership in the local Administrators group is with the Restricted Groups feature of Group Policy. Documentation here:

    https://support.microsoft.com/en-us/help/279301/description-of-group-policy-restricted-groups


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)

    Monday, December 17, 2018 5:42 PM
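
The audit steps described in the last reply (enumerate domain computers, connect to each, list the local Administrators members, check for a name, tolerate unreachable machines), as an added example that is not code from any poster in this thread. It assumes the ActiveDirectory module (RSAT) is installed and WinRM is enabled on the targets, since the CIM cmdlets reach WMI over WS-Management; `OldAdmin` and the CSV file name are placeholders.

```powershell
# Added example: report-only audit; it changes nothing on the target computers.
# Assumptions: ActiveDirectory module available, WinRM enabled on targets,
# 'OldAdmin' is a placeholder for the local account name being checked.
Import-Module ActiveDirectory

$TargetAccount = 'OldAdmin'        # placeholder account name
$AdminGroupSid = 'S-1-5-32-544'    # well-known SID of BUILTIN\Administrators

$report = foreach ($computer in Get-ADComputer -Filter 'Enabled -eq $true') {
    $name    = $computer.Name
    $session = $null
    try {
        # Fails fast (and lands in catch) when the computer is offline or refuses WinRM.
        $session = New-CimSession -ComputerName $name -OperationTimeoutSec 15 -ErrorAction Stop

        # Select the group by SID so localized group names do not break the check.
        $group = Get-CimInstance -CimSession $session -ClassName Win32_Group `
            -Filter "LocalAccount=True AND SID='$AdminGroupSid'" -ErrorAction Stop

        # Follow the Win32_GroupUser association to the member user accounts.
        $members = Get-CimAssociatedInstance -InputObject $group -CimSession $session `
            -ResultClassName Win32_UserAccount -ErrorAction Stop

        # Only a local account with the target name counts as a finding.
        $hit = $members | Where-Object { $_.LocalAccount -and $_.Name -eq $TargetAccount }

        [pscustomobject]@{
            Computer         = $name
            Status           = 'Checked'
            HasTargetAccount = [bool]$hit
            Detail           = ''
        }
    }
    catch {
        # Record unreachable computers so they can be retried instead of silently skipped.
        [pscustomobject]@{
            Computer         = $name
            Status           = 'Unreachable'
            HasTargetAccount = $null
            Detail           = $_.Exception.Message
        }
    }
    finally {
        if ($session) { Remove-CimSession -CimSession $session }
    }
}

$report | Export-Csv -Path .\LocalAdminAudit.csv -NoTypeInformation
```

The resulting report shows which computers carry the account and which still need a retry; the membership change itself is what the Restricted Groups policy recommended above would enforce.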