Re: script to list users and groups in domain admin and local admi

From: Manlytrash (ccaldwell_at_dblair.com)
Date: 03/26/05 

Date: Sat, 26 Mar 2005 06:47:02 -0800

I can use this code from EzAD Scriptomatic but it will only give me one user
at a time and only that user I ask for. Is there a variable that will scan
the entire DC for all users? Thanks!

strContainer = ""
strName = "EzAdUser"

On Error Resume Next

'***********************************************
'* Connect to an object *
'***********************************************
Set objRootDSE = GetObject("LDAP://rootDSE")
If strContainer = "" Then
  Set objItem = GetObject("LDAP://" & _
    objRootDSE.Get("defaultNamingContext"))
Else
  Set objItem = GetObject("LDAP://cn=" & strName & "," & strContainer & ","
& _
    objRootDSE.Get("defaultNamingContext"))
End If
'***********************************************
'* End connect to an object *
'***********************************************

"Steven L Umbach" wrote:

> Domain admins membership can be determined easily enough in Active Directory
> users and Computers and as other posts have mentioned you can use scripts
> using the net command and such to enumerate local administrators. FYI MBSA
> can scan network computers and among other things be able to list the local
> administrators on each computer. Group Policy computer configuration
> Restricted Groups can be used to enforce membership in any domain or local
> group if you want to consider such. If you want to use Restricted Groups to
> restrict local computer administrators group be sure to do it at the OU
> level only. --- Steve
>
> http://www.microsoft.com/technet/security/tools/mbsahome.mspxb --- MBSA
>
> "crosswired" <crosswired@discussions.microsoft.com> wrote in message
> news:1BA8FDE1-B57F-42A1-9F35-E664D9F4960A@microsoft.com...
> >I am looking for a script or guidance to write a script that will list all
> > the users and groups that belong to the domain admin group and the local
> > admin group on each server in the domain. This way, I will not have to
> > check
> > each server individually when doing periodic security scans.
> >
> > If anyone can help, I would appreciate. Thanks.
> >
> > N.P.
>
>
>

Relevant Pages

  • Re: script to list users and groups in domain admin and local admi
    ... >> Domain admins membership can be determined easily enough in Active ... >> using the net command and such to enumerate local administrators. ... If you want to use Restricted Groups ... >>>I am looking for a script or guidance to write a script that will list ...
    (microsoft.public.win2000.security)
  • Re: User type
    ... This does help Mike - thanks ... > If the computer is member of domain then you should use domain user ... > After you have this account and group created you can write a short script ... > administrator and make your users local administrators. ...
    (microsoft.public.windows.server.setup)
  • Re: VBScript to verify is user is local admin
    ... I believe the script posted using WMI addresses one complication with the ... the WMI script, only reveal direct membership. ... Administrators group is renamed, ... Dim strUser ...
    (microsoft.public.scripting.vbscript)
  • Re: User type
    ... I miss-read you message - I now know that I must handle this in the startup ... >> After you have this account and group created you can write a short ... >> in local administrator and make your users local administrators. ... >> Put above command in batch file and run it as startup script (not logon ...
    (microsoft.public.windows.server.setup)
  • Re: script to list users and groups in domain admin and local admi
    ... > using the net command and such to enumerate local administrators. ... > Restricted Groups can be used to enforce membership in any domain or local ... >>I am looking for a script or guidance to write a script that will list all ... >> admin group on each server in the domain. ...
    (microsoft.public.win2000.security)