Good Morning,

I hope everyone is doing well. I am working on an issue for work. We need to audit all computers on our network to get a list of all local admin accounts. I would like to export the list to a CSV file. Here is my current script.

function get-localadmins{
  [cmdletbinding()]
  Param(
  [string]$computerName
  )
  $group = get-wmiobject win32_group -ComputerName $computerName -Filter "LocalAccount=True AND SID='S-1-5-32-544'"
  $query = "GroupComponent = `"Win32_Group.Domain='$($group.domain)'`,Name='$($group.name)'`""
  $list = Get-WmiObject win32_groupuser -ComputerName $computerName -Filter $query
  $list.PartComponent | % {$_.substring($_.lastindexof("Domain=") + 7).replace("`",Name=`"","\")}
}

foreach($computer in (Get-ADComputer -Filter * -SearchBase 'OU=XXXX,DC=XXX,DC=XXX' | select name).name){
  Write-Verbose "Checking $computer" -Verbose
  get-localadmins -computerName $computer
}

It works fine as long as the computers are turned on. What would I need to add to export it to a CSV file? I have seen some examples where they just pipe it using Export-CSV. Would that be it? If so, where would I need to add it? I am still new and learning. I tried to research it before posting.

Thanks,

I would use a custom PS object to build a formatting structure for your data and then export it with Export-Csv.

@techadmin8 Is there not an easier method? That appears a little above my skill level at this point.

UPDATE: I tried the below

function get-localadmins{
  [cmdletbinding()]
  Param(
  [string]$computerName
  )
  $group = get-wmiobject win32_group -ComputerName $computerName -Filter "LocalAccount=True AND SID='S-1-5-32-544'"
  $query = "GroupComponent = `"Win32_Group.Domain='$($group.domain)'`,Name='$($group.name)'`""
  $list = Get-WmiObject win32_groupuser -ComputerName $computerName -Filter $query
  $list.PartComponent | % {$_.substring($_.lastindexof("Domain=") + 7).replace("`",Name=`"","\")}
}
  foreach($computer in (Get-ADComputer -Filter * -SearchBase 'OU=XXXX,DC=XXX,DC=XXX' | select name).name){
Write-Verbose "Checking $computer" -Verbose
get-localadmins -computerName $computer
Export-CSV "C:\Users\username\Documents\Powershell Scripts\Reports"
} 

The script appears to be asking me to supply values for the following parameter.

PSCustomObjects are pretty easy to use. It’s basically like an ordered hashtable.

What kind of output does your function give you? What do you want the output to look like?

@techadmin8 The script just displays the computer name & the local admin accounts. I honestly just want it to export to a CSV file since there isn’t a lot of information.

In that case, you can try something like this:

function get-localadmins{
  [cmdletbinding()]
  Param(
  [string]$computerName
  )
  $group = get-wmiobject win32_group -ComputerName $computerName -Filter "LocalAccount=True AND SID='S-1-5-32-544'"
  $query = "GroupComponent = `"Win32_Group.Domain='$($group.domain)'`,Name='$($group.name)'`""
  $list = Get-WmiObject win32_groupuser -ComputerName $computerName -Filter $query
  # Emit objects rather than bare strings: Export-Csv writes an object's properties, and a string's only property is Length
  $list.PartComponent | % {
    [pscustomobject]@{
      Computer = $computerName
      Member   = $_.substring($_.lastindexof("Domain=") + 7).replace("`",Name=`"","\")
    }
  }
}

$Results = foreach($computer in (Get-ADComputer -Filter * -SearchBase 'OU=XXXX,DC=XXX,DC=XXX' | select name).name){
  Write-Verbose "Checking $computer" -Verbose
  get-localadmins -computerName $computer
}
$Results | Export-Csv -Path "Drive:\Folder\File.csv" -NoTypeInformation

Two points. First, rather than using Get-WmiObject, please consider using Get-CimInstance. It's a bit faster and is supported in PowerShell 7. Second, why use WMI to get local groups when you can use Get-LocalGroup?
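
The custom-object approach suggested earlier in the thread, as an added example that is not code from any of the posters: it parses each Win32_GroupUser PartComponent path into one row per member so the CSV gets real columns an auditor can filter on. The function name ConvertFrom-PartComponent is hypothetical, and the computer names, domain and accounts in the sample are constructed.

```powershell
function ConvertFrom-PartComponent {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory, ValueFromPipeline)][string]$PartComponent
    )
    process {
        # A member path looks like:
        #   \\HOST\root\cimv2:Win32_UserAccount.Domain="DOM",Name="user"
        $pattern = ':(?<Class>Win32_\w+)\.Domain="(?<Domain>[^"]*)",Name="(?<Name>[^"]*)"'
        if ($PartComponent -match $pattern) {
            [pscustomobject]@{
                ComputerName = $ComputerName
                Domain       = $Matches.Domain
                Name         = $Matches.Name
                # Drop the 6-character "Win32_" prefix: UserAccount, Group, SystemAccount
                Type         = $Matches.Class.Substring(6)
                # Local accounts carry the computer name as their domain
                IsLocal      = $Matches.Domain -eq $ComputerName
            }
        }
        else {
            # Surface anything unexpected instead of silently dropping it from the audit
            Write-Warning "Unrecognized member path on ${ComputerName}: $PartComponent"
        }
    }
}

# Constructed sample standing in for the PartComponent values the thread's script collects per computer
$sample = [ordered]@{
    'PC01' = @(
        '\\PC01\root\cimv2:Win32_UserAccount.Domain="PC01",Name="Administrator"'
        '\\PC01\root\cimv2:Win32_Group.Domain="CONTOSO",Name="Domain Admins"'
    )
    'PC02' = @(
        '\\PC02\root\cimv2:Win32_UserAccount.Domain="PC02",Name="Administrator"'
        '\\PC02\root\cimv2:Win32_UserAccount.Domain="CONTOSO",Name="jdoe"'
    )
}

$results = foreach ($computer in $sample.Keys) {
    $sample[$computer] | ConvertFrom-PartComponent -ComputerName $computer
}

# One row per (computer, member); -NoTypeInformation omits the #TYPE header line
$csvPath = Join-Path ([System.IO.Path]::GetTempPath()) 'LocalAdmins.csv'
$results | Export-Csv -Path $csvPath -NoTypeInformation
```

In the real script, replace the sample table with the `$list.PartComponent` values gathered for each computer and pass that computer's name as `-ComputerName`.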