

Members of local computer group

February 18, 2021

The script sends an email notification with an attached CSV file containing the list of members of a specific local group on a computer. The script can be used in custom commands, business rules and scheduled tasks configured for the Computer object type.

  • $localGroupName - Specifies the name of the local group whose members will be added to the CSV file.
  • $csvFilePath - Specifies a UNC path to the CSV file that will be created by the script.
  • $to - Specifies a comma separated list of the report recipients.
  • $from - Specifies the email address from which the notification will be sent.
  • $smtpServer - Specifies the SMTP server to use when sending a notification.
  • $subject - Specifies the email message subject.
  • $messageBody - Specifies the email notification message.
PowerShell
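# Name of the local group on the target computer whose members are reported.
$localGroupName = "Administrators" # TODO: modify me

# Path of the temporary CSV report. %name% is a value reference that Adaxes
# replaces with the computer's name before the script runs.
# ${localGroupName} is written with braces on purpose: "$localGroupName_Members"
# is parsed as one variable named 'localGroupName_Members', which is undefined
# and expands to an empty string, so the group name would be missing from the path.
# The file lists the members of a (possibly privileged) group until it is
# deleted after sending, so the folder should only be accessible to the
# account the script runs under.
$csvFilePath = "C:\Script\%name%_${localGroupName}_Members.csv" # TODO: modify me

# Email message settings
$to = "recipient@domain.com" # TODO: modify me
$from = "noreply@domain.com" # TODO: modify me
$smtpServer = "mail.domain.com" # TODO: modify me
$subject = "List of members of local group '$localGroupName' on %name%" # TODO: modify me
$messageBody = "List of members of local group '$localGroupName' on %name%" # TODO: modify me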

# Collects the members of a local group on a computer into $reportRecords.
#
# Parameters:
#   $computerName   - host to query through the WinNT ADSI provider.
#   $localGroupName - name of the local group on that host.
#   $domainSid      - accepted for the caller's convenience; not used here.
#   $reportRecords  - array of records collected so far; new rows are appended.
#   $domainName     - passed on to GetDomainGroupMembers for nested groups.
#
# Returns the extended record array (wrapped with the unary comma so that an
# empty or single-element array is not unrolled by the pipeline), or $null
# when the host does not answer the connection test.
#
# NOTE(review): Test-Connection is an ICMP echo test, so a host that blocks
# ping is logged as unreachable and left out of the audit - confirm this is
# acceptable for the environment.
# NOTE(review): the Domain column is the third "/"-separated segment of the
# member's ADsPath; for machine-local accounts this is presumably not the
# computer name, so local and domain accounts may look alike - verify.
function GetLocalGroupMember($computerName, $localGroupName, $domainSid, $reportRecords, $domainName)
{
    $isReachable = Test-Connection -ComputerName $computerName -Count 1 -Quiet
    if (-not $isReachable)
    {
        $Context.LogMessage("Connecting to a computer '$computerName' failed", "Warning")
        return $NULL
    }

    # Bind to the local group and walk its direct members
    $localGroup = [ADSI]"WinNT://$computerName/$localGroupName"
    foreach ($entry in @($localGroup.Invoke("Members")))
    {
        # Members are late-bound objects, so properties are read by reflection
        $entryType = $entry.GetType()
        $entryClass = $entryType.InvokeMember("Class", "GetProperty", $null, $entry, $null)
        $sidBytes = $entryType.InvokeMember("objectSID", "GetProperty", $null, $entry, $null)
        $entrySid = New-Object "Softerra.Adaxes.Adsi.Sid" @($sidBytes, 0)

        if ($entryClass -ne "Group")
        {
            # Plain account: record it directly
            $pathSegments = $entryType.InvokeMember("ADSPath", "GetProperty", $null, $entry, $null).Split("/")
            $accountName = $entryType.InvokeMember("Name", "GetProperty", $null, $entry, $null)

            $row = New-Object PSObject
            Add-Member -InputObject $row -MemberType NoteProperty -Name Domain -Value $pathSegments[2]
            Add-Member -InputObject $row -MemberType NoteProperty -Name UserName -Value $accountName
            $reportRecords += $row
            continue
        }

        # Nested group: expand it into its user accounts
        $reportRecords = GetDomainGroupMembers $entrySid $reportRecords $domainName
    }

    return ,$reportRecords
}

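# Appends the user accounts that are members of a domain group to $reportRecords.
#
# Parameters:
#   $groupSid      - SID of the group; interpolated into the Adaxes bind path.
#   $reportRecords - array of records collected so far; new rows are appended.
#   $domainName    - DNS name of the domain that is searched for the members.
#
# Returns the record array wrapped with the unary comma so the pipeline does
# not unroll it. When the group cannot be bound or its member list cannot be
# read, the array is returned unchanged.
#
# NOTE(review): the LDAP filter keeps only objects with
# sAMAccountType=805306368 (normal user accounts), so computer accounts and
# other principal types in the group are not reported - confirm this matches
# the purpose of the audit.
# NOTE(review): members are searched for in $domainName only and are labelled
# with that domain; members from other domains are presumably missed - verify.
function GetDomainGroupMembers($groupSid, $reportRecords, $domainName)
{
    try
    {
        # Bind to the group
        $group = $Context.BindToObject("Adaxes://<SID=$groupSid>")
    }
    catch
    {
        # An unresolved group means its members are missing from the report;
        # log it instead of dropping the group silently.
        $Context.LogMessage("Cannot bind to the group with SID '$groupSid'; its members are not included in the report. " + $_.Exception.Message, "Warning")
        return ,$reportRecords
    }

    # Get group members
    try
    {
        $memberGuidsBytes = $group.GetEx("adm-MembersGuid")
    }
    catch
    {
        # Presumably raised when the group has no members - nothing to add.
        return ,$reportRecords
    }

    # Build filter: user accounts whose objectGuid is one of the member GUIDs
    $filter = New-Object "System.Text.StringBuilder"
    $filter.Append("(&(sAMAccountType=805306368)(|") | Out-Null
    foreach ($guidBytes in $memberGuidsBytes)
    {
        # FilterBuilder produces the filter clause for the binary GUID value
        $filter.Append([Softerra.Adaxes.Ldap.FilterBuilder]::Create("objectGuid", $guidBytes)) | Out-Null
    }
    $filter.Append("))") | Out-Null

    # Search all users in domain group
    $searcher = $Context.BindToObject("Adaxes://$domainName/rootDSE")
    $searcher.SearchFilter = $filter.ToString()
    $searcher.PageSize = 500
    $searcher.SearchScope = "ADS_SCOPE_SUBTREE"
    $searcher.SetPropertiesToLoad(@("name"))

    # Initialised up front so the finally block can tell whether the search
    # produced a result; calling Dispose() on $null would replace the real
    # search error with a null-reference error.
    $searchResult = $null
    try
    {
        $searchResult = $searcher.ExecuteSearch()
        $users = $searchResult.FetchAll()

        # First DNS label of the domain name; Split also copes with a name
        # that contains no dot, where SubString(0, IndexOf(".")) would throw.
        $flatDomainName = $domainName.Split(".")[0]
        foreach ($userID in $users)
        {
            $userName = $userID.Properties["name"].Value
            $record = New-Object PSObject
            $record | Add-Member -MemberType NoteProperty -Name Domain -Value $flatDomainName
            $record | Add-Member -MemberType NoteProperty -Name UserName -Value $userName
            $reportRecords += $record
        }
        return ,$reportRecords
    }
    finally
    {
        if ($null -ne $searchResult)
        {
            $searchResult.Dispose()
        }
    }
}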

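# Get domain SID
$domainName = $Context.GetObjectDomain("%distinguishedName%")
$domain = $Context.BindToObject("Adaxes://$domainName")
$domainSid = New-Object "Softerra.Adaxes.Adsi.Sid" @($domain.Get("objectSID"), 0)

# Get group members
$reportRecords = GetLocalGroupMember "%dNSHostName%" $localGroupName $domainSid @() $domainName

# $null goes on the left: with a collection on the left, -eq filters the
# elements instead of testing the variable itself.
if ($null -eq $reportRecords)
{
    # The computer was unreachable; a warning has already been logged.
    return
}

try
{
    # Export to the temp CSV file (Sort-Object spelled out; the 'Sort' alias
    # is not defined on every PowerShell platform)
    $reportRecords | Sort-Object -Property Domain | Export-Csv $csvFilePath -NoTypeInformation

    # Send message
    # NOTE(review): no -UseSsl and no -Credential are passed, so the message
    # and the attached member list are presumably relayed unencrypted and
    # unauthenticated; add -UseSsl if the SMTP server supports it.
    # Send-MailMessage is also marked obsolete by Microsoft.
    Send-MailMessage -To $to -from $from -SmtpServer $smtpServer -Subject $subject -Body $messageBody -Attachments $csvFilePath
}
finally
{
    # Remove temporary CSV file even when the export or the send fails, so
    # the member list is not left behind on disk.
    if (Test-Path $csvFilePath)
    {
        Remove-Item $csvFilePath -Force
    }
}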

