Powershell script to get local administrator access of servers from Active directory

Get local administrator access of servers from Active directory

# Define local groups to audit
$groups = "Administrators", "Remote Desktop Users";

# Add Active Directory powershell plug-in
import-module activedirectory;

# Get all servers from AD and ignore predefined list
$adservers = get-adcomputer -filter {operatingsystem -like "*server*"} | where {$_.enabled -eq $true} | sort name;

# Loop through each server found in AD
foreach ($adserver in $adservers) {

    # Set server name from AD object
    $servername = $adserver.name;

    # Check if server is pingable
    if((test-connection -computername $servername -count 1 -quiet)) {

        # Loop through each group to audit
        foreach ($group in $groups) {

            # Define the localgroup in the correct format
            $localgroup = [ADSI]"WinNT://$servername/$group";

            # Get members of the local group
            $members = @($localgroup.Invoke("Members"));

            # Loop through each member found
            foreach ($member in $members) {

                # Define name and type of the member
                $memberName = $member.GetType().Invokemember("Name","GetProperty",$null,$member,$null);
                $memberType = $member.GetType().Invokemember("Class","GetProperty",$null,$member,$null);

                # Build CSV string
                $outstring = $servername + "," + $group + "," +$membername + "," +$membertype;
                # Output string to screen
                write-host $outstring;

                # Append CSV string to file
                $outstring >> c:\temp\localgroupaudit.csv;
            }
        }
    }
}