在 OU 中的每台计算机上获取本地管理员帐户

Get Local Admin Accounts on every computer in OU

我正在尝试获取我们整个 OU 的受尊重计算机上管理员组中所有用户帐户的列表。我找到了一个在单台计算机上显示此内容的脚本,但我想调出计算机名称的 CSV 文件,然后将结果输出到另一个 CSV 文件。这是我正在使用的脚本:

Function Get-LocalGroupMembership {
<#
    .SYNOPSIS
        Recursively list all members of a specified Local group.

    .DESCRIPTION
        Recursively list all members of a specified Local group. This can be run against a local or
        remote system or systems. Recursion is unlimited unless specified by the -Depth parameter.

        Alias: glgm

    .PARAMETER Computername
        Local or remote computer/s to perform the query against.

        Default value is the local system.

    .PARAMETER Group
        Name of the group to query on a system for all members.

        Default value is 'Administrators'

    .PARAMETER Depth
        Limit the recursive depth of a query. 

        Default value is 2147483647.

    .PARAMETER Throttle
        Number of concurrently running jobs to run at a time

        Default value is 10

    .NOTES
        Author: Boe Prox
        Created: 8 AUG 2013
        Version 1.0 (8 AUG 2013):
            -Initial creation

    .EXAMPLE
        Get-LocalGroupMembership

        Name              ParentGroup       isGroup Type   Computername Depth
        ----              -----------       ------- ----   ------------ -----
        Administrator     Administrators      False Domain DC1              1
        boe               Administrators      False Domain DC1              1
        testuser          Administrators      False Domain DC1              1
        bob               Administrators      False Domain DC1              1
        proxb             Administrators      False Domain DC1              1
        Enterprise Admins Administrators       True Domain DC1              1
        Sysops Admins     Enterprise Admins    True Domain DC1              2
        Domain Admins     Enterprise Admins    True Domain DC1              2
        Administrator     Enterprise Admins   False Domain DC1              2
        Domain Admins     Administrators       True Domain DC1              1
        proxb             Domain Admins       False Domain DC1              2
        Administrator     Domain Admins       False Domain DC1              2
        Sysops Admins     Administrators       True Domain DC1              1
        Org Admins        Sysops Admins        True Domain DC1              2
        Enterprise Admins Sysops Admins        True Domain DC1              2       

        Description
        -----------
        Gets all of the members of the 'Administrators' group on the local system.        

    .EXAMPLE
        Get-LocalGroupMembership -Group 'Administrators' -Depth 1

        Name              ParentGroup    isGroup Type   Computername Depth
        ----              -----------    ------- ----   ------------ -----
        Administrator     Administrators   False Domain DC1              1
        boe               Administrators   False Domain DC1              1
        testuser          Administrators   False Domain DC1              1
        bob               Administrators   False Domain DC1              1
        proxb             Administrators   False Domain DC1              1
        Enterprise Admins Administrators    True Domain DC1              1
        Domain Admins     Administrators    True Domain DC1              1
        Sysops Admins     Administrators    True Domain DC1              1   

        Description
        -----------
        Gets the members of 'Administrators' with only 1 level of recursion.         

#>
[cmdletbinding()]
Param (
    [parameter(ValueFromPipeline=$True,ValueFromPipelineByPropertyName=$True)]
    [Alias('CN','__Server','Computer','IPAddress')]
    [string[]]$Computername = $env:COMPUTERNAME,
    [parameter()]
    [string]$Group = "Administrators",
    [parameter()]
    [int]$Depth = ([int]::MaxValue),
    [parameter()]
    [Alias("MaxJobs")]
    [int]$Throttle = 10
)
Begin {
    $PSBoundParameters.GetEnumerator() | ForEach {
        Write-Verbose $_
    }
    #region Extra Configurations
    Write-Verbose ("Depth: {0}" -f $Depth)
    #endregion Extra Configurations
    #Define hash table for Get-RunspaceData function
    $runspacehash = @{}
    #Function to perform runspace job cleanup
    Function Get-RunspaceData {
        [cmdletbinding()]
        param(
            [switch]$Wait
        )
        Do {
            $more = $false         
            Foreach($runspace in $runspaces) {
                If ($runspace.Runspace.isCompleted) {
                    $runspace.powershell.EndInvoke($runspace.Runspace)
                    $runspace.powershell.dispose()
                    $runspace.Runspace = $null
                    $runspace.powershell = $null                 
                } ElseIf ($runspace.Runspace -ne $null) {
                    $more = $true
                }
            }
            If ($more -AND $PSBoundParameters['Wait']) {
                Start-Sleep -Milliseconds 100
            }   
            #Clean out unused runspace jobs
            $temphash = $runspaces.clone()
            $temphash | Where {
                $_.runspace -eq $Null
            } | ForEach {
                Write-Verbose ("Removing {0}" -f $_.computer)
                $Runspaces.remove($_)
            }             
        } while ($more -AND $PSBoundParameters['Wait'])
    }

    #region ScriptBlock
        $scriptBlock = {
        Param ($Computer,$Group,$Depth,$NetBIOSDomain,$ObjNT,$Translate)            
        $Script:Depth = $Depth
        $Script:ObjNT = $ObjNT
        $Script:Translate = $Translate
        $Script:NetBIOSDomain = $NetBIOSDomain
        Function Get-LocalGroupMember {
            [cmdletbinding()]
            Param (
                [parameter()]
                [System.DirectoryServices.DirectoryEntry]$LocalGroup
            )
            # Invoke the Members method and convert to an array of member objects.
            $Members= @($LocalGroup.psbase.Invoke("Members"))
            $Counter++
            ForEach ($Member In $Members) {                
                Try {
                    $Name = $Member.GetType().InvokeMember("Name", 'GetProperty', $Null, $Member, $Null)
                    $Path = $Member.GetType().InvokeMember("ADsPath", 'GetProperty', $Null, $Member, $Null)
                    # Check if this member is a group.
                    $isGroup = ($Member.GetType().InvokeMember("Class", 'GetProperty', $Null, $Member, $Null) -eq "group")
                    If (($Path -like "*/$Computer/*")) {
                        $Type = 'Local'
                    } Else {$Type = 'Domain'}
                    New-Object PSObject -Property @{
                        Computername = $Computer
                        Name = $Name
                        Type = $Type
                        ParentGroup = $LocalGroup.Name[0]
                        isGroup = $isGroup
                        Depth = $Counter
                    }
                    If ($isGroup) {
                        # Check if this group is local or domain.
                        #$host.ui.WriteVerboseLine("(RS)Checking if Counter: {0} is less than Depth: {1}" -f $Counter, $Depth)
                        If ($Counter -lt $Depth) {
                            If ($Type -eq 'Local') {
                                If ($Groups[$Name] -notcontains 'Local') {
                                    $host.ui.WriteVerboseLine(("{0}: Getting local group members" -f $Name))
                                    $Groups[$Name] += ,'Local'
                                    # Enumerate members of local group.
                                    Get-LocalGroupMember $Member
                                }
                            } Else {
                                If ($Groups[$Name] -notcontains 'Domain') {
                                    $host.ui.WriteVerboseLine(("{0}: Getting domain group members" -f $Name))
                                    $Groups[$Name] += ,'Domain'
                                    # Enumerate members of domain group.
                                    Get-DomainGroupMember $Member $Name $True
                                }
                            }
                        }
                    }
                } Catch {
                    $host.ui.WriteWarningLine(("GLGM{0}" -f $_.Exception.Message))
                }
            }
        }

        Function Get-DomainGroupMember {
            [cmdletbinding()]
            Param (
                [parameter()]
                $DomainGroup, 
                [parameter()]
                [string]$NTName, 
                [parameter()]
                [string]$blnNT
            )
            Try {
                If ($blnNT -eq $True) {
                    # Convert NetBIOS domain name of group to Distinguished Name.
                    $objNT.InvokeMember("Set", "InvokeMethod", $Null, $Translate, (3, ("{0}{1}" -f $NetBIOSDomain.Trim(),$NTName)))
                    $DN = $objNT.InvokeMember("Get", "InvokeMethod", $Null, $Translate, 1)
                    $ADGroup = [ADSI]"LDAP://$DN"
                } Else {
                    $DN = $DomainGroup.distinguishedName
                    $ADGroup = $DomainGroup
                }         
                $Counter++   
                ForEach ($MemberDN In $ADGroup.Member) {
                    $MemberGroup = [ADSI]("LDAP://{0}" -f ($MemberDN -replace '/','\/'))
                    New-Object PSObject -Property @{
                        Computername = $Computer
                        Name = $MemberGroup.name[0]
                        Type = 'Domain'
                        ParentGroup = $NTName
                        isGroup = ($MemberGroup.Class -eq "group")
                        Depth = $Counter
                    }
                    # Check if this member is a group.
                    If ($MemberGroup.Class -eq "group") {              
                        If ($Counter -lt $Depth) {
                            If ($Groups[$MemberGroup.name[0]] -notcontains 'Domain') {
                                Write-Verbose ("{0}: Getting domain group members" -f $MemberGroup.name[0])
                                $Groups[$MemberGroup.name[0]] += ,'Domain'
                                # Enumerate members of domain group.
                                Get-DomainGroupMember $MemberGroup $MemberGroup.Name[0] $False
                            }                                                
                        }
                    }
                }
            } Catch {
                $host.ui.WriteWarningLine(("GDGM{0}" -f $_.Exception.Message))
            }
        }
        #region Get Local Group Members
        $Script:Groups = @{}
        $Script:Counter=0
        # Bind to the group object with the WinNT provider.
        $ADSIGroup = [ADSI]"WinNT://$Computer/$Group,group"
        Write-Verbose ("Checking {0} membership for {1}" -f $Group,$Computer)
        $Groups[$Group] += ,'Local'
        Get-LocalGroupMember -LocalGroup $ADSIGroup
        #endregion Get Local Group Members
    }
    #endregion ScriptBlock
    Write-Verbose ("Checking to see if connected to a domain")
    Try {
        $Domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
        $Root = $Domain.GetDirectoryEntry()
        $Base = ($Root.distinguishedName)

        # Use the NameTranslate object.
        $Script:Translate = New-Object -comObject "NameTranslate"
        $Script:objNT = $Translate.GetType()

        # Initialize NameTranslate by locating the Global Catalog.
        $objNT.InvokeMember("Init", "InvokeMethod", $Null, $Translate, (3, $Null))

        # Retrieve NetBIOS name of the current domain.
        $objNT.InvokeMember("Set", "InvokeMethod", $Null, $Translate, (1, "$Base"))
        [string]$Script:NetBIOSDomain =$objNT.InvokeMember("Get", "InvokeMethod", $Null, $Translate, 3)  
    } Catch {Write-Warning ("{0}" -f $_.Exception.Message)}         

    #region Runspace Creation
    Write-Verbose ("Creating runspace pool and session states")
    $sessionstate = [system.management.automation.runspaces.initialsessionstate]::CreateDefault()
    $runspacepool = [runspacefactory]::CreateRunspacePool(1, $Throttle, $sessionstate, $Host)
    $runspacepool.Open()  

    Write-Verbose ("Creating empty collection to hold runspace jobs")
    $Script:runspaces = New-Object System.Collections.ArrayList        
    #endregion Runspace Creation
}

Process {
    ForEach ($Computer in $Computername) {
        #Create the powershell instance and supply the scriptblock with the other parameters 
        $powershell = [powershell]::Create().AddScript($scriptBlock).AddArgument($computer).AddArgument($Group).AddArgument($Depth).AddArgument($NetBIOSDomain).AddArgument($ObjNT).AddArgument($Translate)

        #Add the runspace into the powershell instance
        $powershell.RunspacePool = $runspacepool

        #Create a temporary collection for each runspace
        $temp = "" | Select-Object PowerShell,Runspace,Computer
        $Temp.Computer = $Computer
        $temp.PowerShell = $powershell

        #Save the handle output when calling BeginInvoke() that will be used later to end the runspace
        $temp.Runspace = $powershell.BeginInvoke()
        Write-Verbose ("Adding {0} collection" -f $temp.Computer)
        $runspaces.Add($temp) | Out-Null

        Write-Verbose ("Checking status of runspace jobs")
        Get-RunspaceData @runspacehash   
    }
}
End {
    Write-Verbose ("Finish processing the remaining runspace jobs: {0}" -f (@(($runspaces | Where {$_.Runspace -ne $Null}).Count)))
    $runspacehash.Wait = $true
    Get-RunspaceData @runspacehash

    #region Cleanup Runspace
    Write-Verbose ("Closing the runspace pool")
    $runspacepool.close()  
    $runspacepool.Dispose() 
    #endregion Cleanup Runspace    
}

Boe 的脚本已经包含对远程计算机的支持,使用 -ComputerName 参数:

这使得使用输入 CSV 文件查询多台计算机变得非常容易:

import-csv T:\computers.csv | Get-LocalGroupMembership 

如果您想将此输出发送到另一个 .csv 文件,只需添加导出命令:

import-csv T:\computers.csv | Get-LocalGroupMembership | Where Name | Export-CSV t:\LocalAdmins.csv

我添加了 Where Name 步骤,因为此工具的某些输出输出效果不佳,因此我们仅提取具有 Name 值的输出,回避了这个问题。

这是您可以从该工具获得的输出

net 本地组管理员

希望对您有所帮助