1

Over the years, many extra and duplicate user groups have accumulated in my domain. So I need to identify which machine a particular group has administrative rights to. I've done a fair amount of searching but I'm definitely having trouble finding a solution. Any good ideas?

Thanks

Lodra

2 Answers

0

If I understand the question right, you want to list who is a local administrator on each machine in your domain?

You'll have to connect to each machine and list the local Administrators group. As far as I know, this information isn't kept in Active Directory or anything. There are several ways to go about this, but one way to do this is to use the free tool psexec to dump the group membership on each PC.

First you'll have to generate a list of all the Windows machines you'd like to get this info for. Save it to a plaintext file, with the hostnames or IPs each on their own line.

From a command prompt, run this command:

psexec.exe @hosts.txt -u user -p password net localgroup "Administrators" > outputfile.txt

(Where user and password are a domain admin account).

This will take quite a bit of time, depending on the number of hosts you're scanning, but you should have a list of the groups/accounts that have local admin access.

0

You can query local group membership of a remote computer using PowerShell. In PowerShell V1 and V2, you can achieve this using Windows Management Instrumentation (WMI). PowerShell V3 has native cmdlets.

However, sticking with V2 (the most likely version to be available), you can get the local administrator group members for a remote machine using:

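# Computer whose local Administrators group should be listed
$strComputer = "computer-name-to-query";
# Win32_GroupUser links each group (GroupComponent) to one of its members (PartComponent)
Get-WmiObject -Class "Win32_GroupUser" -ComputerName $strComputer |
    Where-Object{ $_.GroupComponent -match "Name=""Administrators""" } | ForEach-Object{
        # Resolve the member reference and print it as COMPUTER : DOMAIN\Name
        Write-Host -Object ( "{0} : {1}\{2}" -f $strComputer, ([wmi] $_.PartComponent ).Domain, ([wmi] $_.PartComponent).Name )
        };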

This could be bundled in a script that first queries Active Directory for all computer objects...

Simon Catlin
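One way to bundle the WMI query above into a domain-wide audit that answers the original question (which machines a given group administers), as an added example that is not part of either answer. The group name `EXAMPLE\Helpdesk-Admins` and the output path are placeholders; the script assumes it runs under an account that already has local administrator rights on the targets, so no password appears on a command line.

```powershell
# Added example, not code from the original answers.
$TargetGroup = 'EXAMPLE\Helpdesk-Admins'   # placeholder: NETBIOSDOMAIN\GroupName to audit
$OutFile     = '.\local-admin-audit.csv'   # placeholder output path

# Enumerate enabled computer accounts through ADSI (works on V2, no AD module needed).
$searcher = [adsisearcher] '(&(objectCategory=computer)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))'
$searcher.PageSize = 500                   # page through results past the 1000-object limit
[void] $searcher.PropertiesToLoad.Add('dnshostname')
$computers = $searcher.FindAll() |
    ForEach-Object { $_.Properties['dnshostname'] } |
    Where-Object { $_ }

$results = foreach ($computer in $computers) {
    try {
        $members = Get-WmiObject -Class Win32_GroupUser -ComputerName $computer -ErrorAction Stop |
            Where-Object { $_.GroupComponent -match 'Name="Administrators"' }
        foreach ($m in $members) {
            # PartComponent looks like \\HOST\root\cimv2:Win32_Group.Domain="DOM",Name="Grp";
            # parsing the string avoids one extra [wmi] round-trip per member.
            if ($m.PartComponent -match 'Domain="([^"]+)",Name="([^"]+)"') {
                New-Object PSObject -Property @{
                    Computer = $computer
                    Member   = '{0}\{1}' -f $Matches[1], $Matches[2]
                    Status   = 'OK'
                }
            }
        }
    }
    catch {
        # Record failures so an unreachable host is not mistaken for "group has no rights".
        New-Object PSObject -Property @{
            Computer = $computer
            Member   = ''
            Status   = 'Unreachable: {0}' -f $_.Exception.Message
        }
    }
}

# Full inventory for later review, then the machines where the target group is a direct member.
$results | Select-Object Computer, Member, Status | Export-Csv -Path $OutFile -NoTypeInformation
$results | Where-Object { $_.Member -eq $TargetGroup } | Select-Object Computer, Member
```

Only direct members of each local Administrators group are listed, so a group that gains the right through nesting inside another listed group has to be followed up from the CSV.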