Sign in
Microsoft.com
 
Microsoft
 
 
 

locked
PowerShell Scripting - All AD Computers > All Local Groups > All Members of Local Groups RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    Greetings Everyone,

    I have been working on building a script that will query our AD for all of our computers, then identify all of the local groups on those computers, and finally identify who are members of those local groups.  I have been able to find plenty of scripts out there that will query the Local Administrators Group, however other groups are not getting collected.  To that end I have rough out the following script, which works for the most part.  I am still working on accommodating for systems that are still non responsive to WinRM.  The issue that I am experiencing with this script is at the "Out-File" section.  What I am seeing is screen out-put in PowerShell and "Out-File" being created, however the "Out-File" is a 0 kb file.

    Looking for a second (or more) set of eyes to assist in resolving the issue that I am seeing.

    Thank you in advance,

    Ralek

    $Date = (Get-Date -Format 'yyyy.MM.dd HHmm')

$ADPCs = (Get-ADComputer -Filter {(Enabled -eq $True))}).Name

ForEach ($ADPC in $ADPCs) {
  Invoke-Command -ComputerName "$ADPC" -ScriptBlock {
    $LocalGroups = (Get-LocalGroup).Name						# Collects all Local Groups from each AD PC
    ForEach ($LocalGroup in $LocalGroups) {
      $Members = (Get-LocalGroupMember $LocalGroup)				# Collects all Members of each Local Group
      If (@($Members).Count -gt 0) {
        Write-Host "Members of Local Group: $LocalGroup" `n ;
        ForEach ($Member in $Members) {
          Write-Host `t $Member `n
        } ;
        Write-Host `n
      }
    }
  } | Out-File "\\LocalHost\Scripts\Logging\Local Group Audit\$Date - $ADPC - Local Group Membership.txt"
}



    • Moved by Bill_Stewart Thursday, December 13, 2018 3:25 PM This is not "debug/fix/rewrite my script for me" forum
    Wednesday, September 19, 2018 9:55 PM

All replies

  • Question
    Sign in to vote
    0
    Sign in to vote

    Write-Host cannot be sent to a file.  It can only be displayed on the "host" screen.

    help Write-host -full

    \_(ツ)_/


    • Edited by jrv Wednesday, September 19, 2018 10:16 PM
    Wednesday, September 19, 2018 10:15 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    How to do this easily:

    $Date = Get-Date -Format 'yyyy.MM.dd HHmm'
$sb = {
    $LocalGroups = (Get-LocalGroup).Name # Collects all Local Groups from each AD PC
    ForEach ($LocalGroup in $LocalGroups) {
        $Members = Get-LocalGroupMember $LocalGroup  # Collects all Members of each Local Group
        If (@($Members).Count -gt 0) {
            "Members of Local Group: $LocalGroup `n"
            ForEach ($Member in $Members) {
                "$Member `n"
            }
            "`n"
        }
    }
}
Get-ADComputer -Filter {Enabled -eq $true} |
    ForEach-Object{
        Invoke-Command -ComputerName $_.Name -ScriptBlock $sb |
             Out-File "\\LocalHost\Scripts\Logging\Local Group Audit\$Date - $($_.Name) - Local Group Membership.txt"
    }

    \_(ツ)_/



    • Edited by jrv Thursday, September 20, 2018 6:18 PM
    Wednesday, September 19, 2018 10:25 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    JRV,

    Thank you for the quick response!

    Please be advised that I attempted to run this new script this morning and while the log files are being created per computer and have a file size of 1 kb, there doesn't appear to be any content in the file.

    Any thoughts?

    Thank you in advance,

    Ralek

    Thursday, September 20, 2018 4:40 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Works fine for me.  If you change the code it won't work.

    The local group management commands are only available on Windows 10 and later.

    \_(ツ)_/


    • Edited by jrv Thursday, September 20, 2018 6:19 PM
    Thursday, September 20, 2018 6:17 PM