Powershell About LocalGroupMembership

一： 结合active directory获取本地群组成员信息（包含本地用户和域用户，及域用户的情况

$DBServer = "xxxx"
$DBDatabase = "xxxx"
#$table="UserInfo"
$Connection = New-Object System.Data.SQLClient.SQLConnection
$Connection.ConnectionString = "server='$DBServer';database='$DBDatabase';trusted_connection=true;"
$Connection.Open()
$Command = New-Object System.Data.SQLClient.SQLCommand
$Command.Connection = $Connection

$AllServer=Get-ADComputer -SearchScope subtree -SearchBase "ou=xxxx,dc=xxx,dc=xxx,dc=xxxx" -filter * -properties * | where {$_.Enabled -eq $true}
 
foreach($Server in $AllServer)
 {
$ComputerName=""
$ipv4Address=""
$operatingsystem=""
$whenCreated=""
$LastLogonDate=""
$Path_S = ""
$ComputerName=$Server.Name
$ipv4Address=$server.IPV4Address
#echo "$computername is $ipv4Address"
$operatingsystem=$server.operatingsystem
$whenCreated=$server.whenCreated
$LastLogonDate=$server.LastLogonDate
$Pingy = Get-WmiObject Win32_PingStatus -f "Address='$ComputerName'" 
    if($Pingy.StatusCode -eq 0)
        {
        $errorcount=$error.count
        $GroupName="Administrators"
        $results=Get-LocalGroupMembership -ComputerName $ComputerName -GroupName "Administrators"
        if($errorcount -eq $error.Count)
            { 
            $info="OK"

             Foreach($result in $results)
                    {
                    $ComputerName=$ComputerName
                    $Path=$result.Path -replace “^.*:”
                    if($Path -like "*S-1-5-21*")
                        {
                        $Path=" "
                        }
                     $Path_S = $Path_S+$Path + ";"
                    }
                  
                    echo "$Path_S"
                

               }
        else
            {
             $info="error"
            echo "$ComputerName is  $info"
            }

        }

   else{
   $info="notavailable"
        echo "$ComputerName is $info "
        }
$insert="insert into LocalMembership(ComputerName,ipv4address,operatingsystem,whenCreated,LastLogonDate,info,account,accountstatus,class,groupname,path,type) values(N'$ComputerName',N'$ipv4Address',N'$operatingsystem',N'$whenCreated',N'$LastLogonDate',N'$info',N'$account1',N'$accountstatus1',N'$class1',N'$groupname',N'$Path_S',N'$type1')" 
$cmd=new-object system.Data.SqlClient.SqlCommand($insert,$Connection) 
$cmd.CommandTimeout=6000
$cmd.ExecuteNonQuery()
 }

 

 

 

二、#Function Get-LocalGroupMembership

Function Get-LocalGroupMembership {
<#
.Synopsis
    Get the local group membership.      
.Description
    Get the local group membership.       
.Parameter ComputerName
    Name of the Computer to get group members. Default is "localhost".     
.Parameter GroupName
    Name of the GroupName to get members from. Default is "Administrators".        
.Example
    Get-LocalGroupMembership
    Description
    -----------
    Get the Administrators group membership for the localhost     
.Example
    Get-LocalGroupMembership -ComputerName SERVER01 -GroupName "Remote Desktop Users"
    Description
    -----------
    Get the membership for the the group "Remote Desktop Users" on the computer SERVER01
.Example
    Get-LocalGroupMembership -ComputerName SERVER01,SERVER02 -GroupName "Administrators"
    Description
    -----------
    Get the membership for the the group "Administrators" on the computers SERVER01 and SERVER02
.OUTPUTS
    PSCustomObject      
.INPUTS
    Array          
.Link
    N/A     
.Notes
    NAME:      Get-LocalGroupMembership
    AUTHOR:    Francois-Xavier Cat
    WEBSITE:   www.LazyWinAdmin.com
#>
 [Cmdletbinding()]
 PARAM (
        [alias('DnsHostName','__SERVER','Computer','IPAddress')]
  [Parameter(ValueFromPipelineByPropertyName=$true,ValueFromPipeline=$true)]
  [string[]]$ComputerName = $env:COMPUTERNAME,
  [string]$GroupName = "Administrators"
  )
    BEGIN{
    }#BEGIN BLOCK
    PROCESS{
        foreach ($Computer in $ComputerName){
            TRY{
                $Everything_is_OK = $true
                # Testing the connection
                Write-Verbose -Message "$Computer - Testing connection..."
                Test-Connection -ComputerName $Computer -Count 1 -ErrorAction Stop |Out-Null    
                # Get the members for the group and computer specified
                Write-Verbose -Message "$Computer - Querying..."
             $Group = [ADSI]"WinNT://$Computer/$GroupName,group"
             $Members = @($group.psbase.Invoke("Members"))
            }#TRY
            CATCH{
                $Everything_is_OK = $false
                Write-Warning -Message "Something went wrong on $Computer"
                Write-Verbose -Message "Error on $Computer"
                }#Catch
            IF($Everything_is_OK){
             # Format the Output
                Write-Verbose -Message "$Computer - Formatting Data"
             $members | ForEach-Object {
              $name = $_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)
              $class = $_.GetType().InvokeMember("Class", 'GetProperty', $null, $_, $null)
              $path = $_.GetType().InvokeMember("ADsPath", 'GetProperty', $null, $_, $null)
              # Find out if this is a local or domain object
              if ($path -like "*/$Computer/*"){
               $Type = "Local"
               }
              else {$Type = "Domain"
              }
              $Details = "" | Select-Object ComputerName,Account,Class,Group,Path,Type
              $Details.ComputerName = $Computer
              $Details.Account = $name
              $Details.Class = $class
                    $Details.Group = $GroupName
              $details.Path = $path
              $details.Type = $type
              # Show the Output
                    $Details
             }
            }#IF(Everything_is_OK)
        }#Foreach
    }#PROCESS BLOCK
    END{Write-Verbose -Message "Script Done"}#END BLOCK
}#Function Get-LocalGroupMembership

View Code