Server Group member

  • 356 Views
  • Last Post 31 August 2017
adriaoramos posted this 29 August 2017

Hello
I have many server and I need a tools or a command to export administrative group members of each server to a file. How can I do it?

Adriao Ferreira Ramos
Equipe de infraestrutura
Departamento de Operações e Infraestrutura - CII
tel
+55 11 3388-8193
adriaoramos@xxxxxxxxxxxxxxxx
imprimir sabesp sp face twiter youtube




Order By: Standard | Newest | Votes
oscarsotocl posted this 29 August 2017

Hi, you can use the  net localgroup command   https://technet.microsoft.com/es-es/library/cc725622(v=ws.10).aspx   Or some powershell command https://www.petri.com/use-powershell-to-find-local-groups-and-members   Greetings   Oscar Soto Casali
Gerente de Consultoría
ActiveTrainer.CL
+56994415902  

De: adriaoramos@xxxxxxxxxxxxxxxx
Enviado: martes, 29 de agosto de 2017 12:58
Para: ActiveDir@xxxxxxxxxxxxxxxx
CC: ActiveDir-owner@xxxxxxxxxxxxxxxx
Asunto: [ActiveDir] Server Group member

   

Hello
I have many server and I need a tools or a command to export administrative group members of each server to a file. How can I do it?

Adriao Ferreira Ramos
Equipe de infraestrutura
Departamento de Operações e Infraestrutura - CII
tel
+55 11 3388-8193
adriaoramos@xxxxxxxxxxxxxxxx
imprimir sabesp sp face twiter youtube




adriaoramos posted this 30 August 2017

Thank you!
With this PowerShell script, I can do exactly what I want. IO get a csv file with all the server and groups and their member.
However, I have doubt now. If I want to do the same thing with a list of active directory groups, what would I do?

$computers = get-content computers.txt
$computers | foreach {
$computername = $_
[ADSI]$S = "WinNT://$computername"
$S.children.where({$.class -eq 'group'}) |
Select @{Name="Computername";Expression={$
.Parent.split("/")[-1] }},
@{Name="Name";Expression={$.name.value}},
@{Name="Members";Expression={
[ADSI]$group = "$($
.Parent)/$($.Name),group"
$members = $Group.psbase.Invoke("Members")
($members | ForEach-Object {
$
.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)
}) -join ";"
}}
} | Export-CSV -path c:\work\localaudit.csv –notypeinformation

Adriao Ferreira Ramos
Equipe de infraestrutura
Departamento de Operações e Infraestrutura - CII
tel
+55 11 3388-8193
adriaoramos@xxxxxxxxxxxxxxxx
imprimir sabesp sp face twiter youtube







De:        Oscar Soto Casali <oscar.soto@xxxxxxxxxxxxxxxx>
Para:        "ActiveDir@xxxxxxxxxxxxxxxx" <ActiveDir@xxxxxxxxxxxxxxxx>
Data:        08/29/2017 03:16 PM
Assunto:        RE: [ActiveDir] Server Group member
Enviado por:        ActiveDir-owner@xxxxxxxxxxxxxxxx





Hi, you can use the  net localgroup command
 
https://technet.microsoft.com/es-es/library/cc725622(v=ws.10).aspx
 
Or some powershell command
https://www.petri.com/use-powershell-to-find-local-groups-and-members
 
Greetings
 
Oscar Soto Casali
Gerente de Consultoría
ActiveTrainer.CL
+56994415902
 
De: adriaoramos@xxxxxxxxxxxxxxxx
Enviado: martes, 29 de agosto de 2017 12:58
Para: ActiveDir@xxxxxxxxxxxxxxxx
CC: ActiveDir-owner@xxxxxxxxxxxxxxxx
Asunto: [ActiveDir] Server Group member
 
  Hello
I have many server and I need a tools or a command to export administrative group members of each server to a file. How can I do it?

Adriao Ferreira Ramos
Equipe de infraestrutura
Departamento de Operações e Infraestrutura - CII
tel
+55 11 3388-8193
adriaoramos@xxxxxxxxxxxxxxxx
imprimir sabesp sp face twiter youtube




oscarsotocl posted this 30 August 2017

Adriao:   Starting with Windows 2008 you can use get-ad commands, in this case you need the get-adgroupmember, to list all the users for a given group   https://technet.microsoft.com/en-us/library/ee617193.aspx   Greetings     Oscar Soto Casali
Gerente de Consultoría
ActiveTrainer.CL
+56994415902  

De: adriaoramos@xxxxxxxxxxxxxxxx
Enviado: miércoles, 30 de agosto de 2017 10:58
Para: ActiveDir@xxxxxxxxxxxxxxxx
CC: ActiveDir-owner@xxxxxxxxxxxxxxxx
Asunto: RE: [ActiveDir] Server Group member

 

Thank you!
With this PowerShell script, I can do exactly what I want. IO get a csv file with all the server and groups and their member.
However, I have doubt now. If I want to do the same thing with a list of active directory groups, what would I do?

$computers = get-content computers.txt
$computers | foreach {

$computername

$_

[ADSI]$S

"WinNT://$computername"
$S.children.where({$.class -eq 'group'}) |
Select @{Name="Computername";Expression={$
.Parent.split("/")[-1] }},
@{Name="Name";Expression={$_.name.value}},
@{Name="Members";Expression={

[ADSI]$group

"$($.Parent)/$($.Name),group"
$members = $Group.psbase.Invoke("Members")
($members | ForEach-Object {
$.GetType().InvokeMember("Name", 'GetProperty', $null, $, $null)
}) -join ";"
}}
} | Export-CSV -path c:\work\localaudit.csv –notypeinformation

Adriao Ferreira Ramos
Equipe de infraestrutura
Departamento de Operações e Infraestrutura - CII
tel
+55 11 3388-8193
adriaoramos@xxxxxxxxxxxxxxxx
imprimir sabesp sp face twiter youtube







De:        Oscar Soto Casali <oscar.soto@xxxxxxxxxxxxxxxx>
Para:        "ActiveDir@xxxxxxxxxxxxxxxx" <ActiveDir@xxxxxxxxxxxxxxxx>
Data:        08/29/2017 03:16 PM
Assunto:        RE: [ActiveDir] Server Group member
Enviado por:        ActiveDir-owner@xxxxxxxxxxxxxxxx





Hi, you can use the  net localgroup command
 
https://technet.microsoft.com/es-es/library/cc725622(v=ws.10).aspx
 
Or some powershell command
https://www.petri.com/use-powershell-to-find-local-groups-and-members
 
Greetings
 
Oscar Soto Casali
Gerente de Consultoría
ActiveTrainer.CL
+56994415902
 
De: adriaoramos@xxxxxxxxxxxxxxxx
Enviado: martes, 29 de agosto de 2017 12:58
Para: ActiveDir@xxxxxxxxxxxxxxxx
CC: ActiveDir-owner@xxxxxxxxxxxxxxxx
Asunto: [ActiveDir] Server Group member
 
  Hello
I have many server and I need a tools or a command to export administrative group members of each server to a file.

How can I do it?

Adriao Ferreira Ramos
Equipe de infraestrutura
Departamento de Operações e Infraestrutura - CII
tel
+55 11 3388-8193
adriaoramos@xxxxxxxxxxxxxxxx
imprimir sabesp sp face twiter youtube





rwilper posted this 30 August 2017

I have found that  Get-ADGroupMember will only retrieve the first 1000 or so group members if the group has a lot of members. If you are dealing with a large group, then you will need something like:

 

$GroupMembers = Get-ADGroup  $GroupName -Properties Member | Select-Object -ExpandProperty Member | Get-ADUser



     

-Ross

 

 

show

adriaoramos posted this 31 August 2017

Thank you
















Adriao

Ferreira Ramos



Equipe

de infraestrutura



Departamento

de Operações e Infraestrutura - CII



tel




+55 11 3388-8193







adriaoramos@xxxxxxxxxxxxxxxx



imprimir







sabesp

sp

face

twiter

youtube









De:      

 "Wilper, Ross"

<rwilper@xxxxxxxxxxxxxxxx>


Para:      

 "ActiveDir@xxxxxxxxxxxxxxxx"

<ActiveDir@xxxxxxxxxxxxxxxx>


Cc:      

 "ActiveDir-owner@xxxxxxxxxxxxxxxx"

<ActiveDir-owner@xxxxxxxxxxxxxxxx>


Data:      

 08/30/2017 02:53 PM


Assunto:    

   RE: [ActiveDir]

Server Group member


Enviado por:    

   ActiveDir-owner@xxxxxxxxxxxxxxxx








I have found that  Get-ADGroupMember

will only retrieve the first 1000 or so group members if the group has

a lot of members. If you are dealing with a large group, then you will

need something like:


 


$GroupMembers = Get-ADGroup

 $GroupName -Properties Member | Select-Object -ExpandProperty Member

| Get-ADUser


     


-Ross


 


 

show

barkills posted this 31 August 2017

Yes, that’s because Microsoft put a seemingly arbitrary design constraint to limit multi-value attribute results in ADWS, which is what the AD PowerShell module leverages.

 

I last wrote about that topic on this mailing list on 1/26/2017 (which in turn was a response to my post in 7/2015)—I’ve attached the email because it has useful details about overriding that limit and how much

of a non-event it was to override it with a value 40x the Microsoft default. Other than the person on the forum I cited, I haven’t heard any feedback from anyone else who has overridden that default limit nor from anyone at Microsoft explaining why the limit

is so low. But we continue to run at the 40x value without any problems.

 

Brian

 

show

Close