We use cookies to improve your experience.
By your continued use of this site you accept such use.
For more details please see our privacy policy and cookies policy.

Script Repository

Members of local computer group

February 18, 2021 Views: 1246

The script sends an email notification with an attached CSV file containing the list of a specific local computer group members. The script can be used in custom commands, business rules and scheduled tasks configured for Computer object type.

  • $localGroupName - Specifies the name of the local group whose members will be aded to the CSV file.
  • $csvFilePath - Specifies a UNC path to the CSV file that will be created by the script.
  • $to - Specifies a comma separated list of the report recipients.
  • $from - Specifies the email address from which the notification will be sent.
  • $smtpServer - Specifies the SMTP server to use when sending a notification.
  • $subject - Specifies the email message subject.
  • $message - Specifies the email notification message.
Edit Remove
PowerShell
$localGroupName = "Administrators" # TODO: modify me
$csvFilePath = "C:\Script\%name%_$localGroupName_Members.csv" # TODO: modify me

# Email message setings
$to = "recipient@domain.com" # TODO: modify me
$from = "noreply@domain.com" # TODO: modify me
$smtpServer = "mail.domain.com" # TODO: modify me
$subject = "List of members of local group '$localGroupName' on %name%" # TODO: modify me
$messageBody = "List of members of local group '$localGroupName' on %name%" # TODO: modify me

function GetLocalGroupMember($computerName, $localGroupName, $domainSid, $reportRecords, $domainName)
{
    if (!(Test-Connection -ComputerName $computerName -Count 1 -Quiet))
    {
        $Context.LogMessage("Connecting to a computer '$computerName' failed", "Warning")
        return $NULL
    }
    
    # Get group members
    $group = [ADSI]"WinNT://$computerName/$localGroupName"
    $members = @($group.Invoke("Members"))
    foreach ($member in $members)
    {
        $memberClass = $member.GetType().Invokemember("Class","GetProperty",$null,$member,$null)
        $memberSidBytes = $member.GetType().Invokemember("objectSID","GetProperty",$null,$member,$null)
        $memberSid = New-Object "Softerra.Adaxes.Adsi.Sid" @($memberSidBytes, 0)
        
        if ($memberClass -eq "Group")
        {
            $reportRecords = GetDomainGroupMembers $memberSid $reportRecords $domainName
        }
        else
        {
            $memberPathParts = $member.GetType().Invokemember("ADSPath","GetProperty",$null,$member,$null).Split("/")
            $memberName = $member.GetType().Invokemember("Name","GetProperty",$null,$member,$null)
            
            $record = New-Object PSObject
            $record | Add-Member -MemberType NoteProperty -Name Domain -Value $memberPathParts[2]
            $record | Add-Member -MemberType NoteProperty -Name UserName -Value $memberName
            $reportRecords += $record
        }
    }
    
    return ,$reportRecords
}

function GetDomainGroupMembers($groupSid, $reportRecords, $domainName)
{
    
    try
    {
        # Bind to the group
        $group = $Context.BindToObject("Adaxes://<SID=$groupSid>")
    }
    catch
    {
        return ,$reportRecords
    }
    
    # Get group members
    try
    {
        $memberGuidsBytes = $group.GetEx("adm-MembersGuid")
    }
    catch
    {
        return ,$reportRecords
    }
    
    # Build filter
    $filter = New-Object "System.Text.StringBuilder"
    $filter.Append("(&(sAMAccountType=805306368)(|") | Out-Null
    foreach ($guidBytes in $memberGuidsBytes)
    {
        $filter.Append([Softerra.Adaxes.Ldap.FilterBuilder]::Create("objectGuid", $guidBytes)) | Out-Null
    }
    $filter.Append("))") | Out-Null
    
    # Search all users in domain group
    $searcher = $Context.BindToObject("Adaxes://$domainName/rootDSE")
    $searcher.SearchFilter = $filter.ToString()
    $searcher.PageSize = 500
    $searcher.SearchScope = "ADS_SCOPE_SUBTREE"
    $searcher.SetPropertiesToLoad(@("name"))
    
    try
    {
        $searchResult = $searcher.ExecuteSearch()
        $users = $searchResult.FetchAll()
        
        $flatDomainName = $domainName.SubString(0,$domainName.IndexOf("."))
        foreach ($userID in $users)
        {
            $userName = $userID.Properties["name"].Value
            $record = New-Object PSObject
            $record | Add-Member -MemberType NoteProperty -Name Domain -Value $flatDomainName
            $record | Add-Member -MemberType NoteProperty -Name UserName -Value $userName
            $reportRecords += $record
        }
        return ,$reportRecords
    }
    finally
    {
        $searchResult.Dispose()
    }
}

# Get domain SID
$domainName = $Context.GetObjectDomain("%distinguishedName%")
$domain = $Context.BindToObject("Adaxes://$domainName")
$domainSid = New-Object "Softerra.Adaxes.Adsi.Sid" @($domain.Get("objectSID"), 0)

# Get group members
$reportRecords = GetLocalGroupMember "%dNSHostName%" $localGroupName $domainSid @() $domainName
if ($reportRecords -eq $NULL)
{
    return
}

# Export to the temp CSV file
$reportRecords | Sort -Property domain | Export-Csv $csvFilePath -NoTypeInformation

# Send message
Send-MailMessage -To $to -from $from -SmtpServer $smtpServer -Subject $subject -Body $messageBody -Attachments $csvFilePath

# Remove temporary CSV file
Remove-Item $csvFilePath -Force

Comments 0
Leave a comment
Loading...

Got questions?

Support Questions & Answers