
Verify security group membership in local admin group: true or false / fail or pass validation


Ok here it is, sweet and simple. I need to verify that a list of groups was added to the local admin group in a new build (among other things) so I can promote the servers to prod...

So far, I can get the groups and output the Boolean to a file on the remote server, then get that content (I am thinking I should be piping it but don't know how). What I would like to do is return a set of variables with the group name and whether or not it exists in the local admin group. But... that is not what happens...

Sorry for the rudimentary if/else clauses, my humble skills are not the slickest... Here is the code I have been working with. Thanks in advance!

# $HostName, $LocalGroup and $ChildGroups are assumed to be set earlier in the build script
$Servers = $HostName
foreach ( $Server in $Servers ) {
        # Reset per server, otherwise members found on one server satisfy the check on the next
        $MemberNames = @()
        $Group = [ADSI]"WinNT://$Server/$LocalGroup,group"
        $Members = @($Group.psbase.Invoke("Members"))
        $Members | ForEach-Object {
                # Each member is a COM object; read its Name property through reflection
                $MemberNames += $_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)
        }
        $ChildGroups | ForEach-Object {
                $output = "" | Select-Object Group, InLocalAdmin
                $output.Group = $_
                $output.InLocalAdmin = $MemberNames -contains $_
                $output | Export-Csv -Path "c:\VerifyGroups.csv" -Append -NoTypeInformation
        }
}

#Validate local admin group membership

# Import-Csv rebuilds each row as an object with Group and InLocalAdmin properties;
# the Boolean comes back from the CSV as the string "True" or "False".
Import-Csv -Path "c:\VerifyGroups.csv" | ForEach-Object {
    $groupName = $_.Group
    $inGroup   = ($_.InLocalAdmin -eq "True")
    if     ($groupName -eq "Domain Admins" -and $inGroup)                   {$ResDomainAdminGrp = "Validation Passed: Domain Admin Group is a member of the Local Admin Group" }
    elseif ($groupName -eq "Domain Admins" -and -not $inGroup)              {$ResDomainAdminGrp = "Validation Failed: Domain Admin Group is not a member of the Local Admin Group" }
    elseif ($groupName -eq "Enterprise Backup Admins" -and $inGroup)        {$ResEntBaKAdmGrp = "Validation Passed: Enterprise Backup Admins is a member of the Local Admin Group" }
    elseif ($groupName -eq "Enterprise Backup Admins" -and -not $inGroup)   {$ResEntBaKAdmGrp = "Validation Failed: Enterprise Backup Admins is not a member of the Local Admin Group" }
    elseif ($groupName -eq "Enterprise Server Admins" -and $inGroup)        {$ResEntSvrAdmGrp = "Validation Passed: Enterprise Server Admins is a member of the Local Admin Group" }
    elseif ($groupName -eq "Enterprise Server Admins" -and -not $inGroup)   {$ResEntSvrAdmGrp = "Validation Failed: Enterprise Server Admins is not a member of the Local Admin Group" }
    elseif ($groupName -eq "Enterprise SQLDB Admins" -and $inGroup)         {$ResEntSQLAdmGrp = "Validation Passed: Enterprise SQLDB Admins is a member of the Local Admin Group" }
    elseif ($groupName -eq "Enterprise SQLDB Admins" -and -not $inGroup)    {$ResEntSQLAdmGrp = "Validation Failed: Enterprise SQLDB Admins is not a member of the Local Admin Group" }
    elseif ($groupName -eq "Enterprise SVC Admins" -and $inGroup)           {$ResEntSVCAdmGrp = "Validation Passed: Enterprise SVC Admins is a member of the Local Admin Group" }
    elseif ($groupName -eq "Enterprise SVC Admins" -and -not $inGroup)      {$ResEntSVCAdmGrp = "Validation Failed: Enterprise SVC Admins is not a member of the Local Admin Group" }
    else {}
}

Solution

  • You could clean it up a little by making an array of the items you want to check and looping over that array.

    $group =[ADSI]"WinNT://./Administrators,group" 
    $members = @($group.psbase.Invoke("Members")) | foreach {$_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)}
    $List = "Domain Admins","Enterprise Backup Admins" 
    foreach ($item in $list) {
        if ($members -contains $item) {
            "Validation Passed: $item is a member of the local admin group."
        } else {
            "VALIDATION FAILED: $item is not a member of the local admin group."
        }
    }
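
The following is an added example, not code from the question or the answer above, that takes the answer's array-and-loop approach a step further: it checks several servers in one run, keeps the domain prefix so a domain group is not confused with a same-named local account, treats an unreachable server as a failure rather than as "nothing missing", and also lists members of the local Administrators group that the build standard did not ask for. The server names, the domain name `CORP` and the required group list are assumptions to be replaced for your environment, and the `ADsPath` format `WinNT://DOMAIN/Name` returned by the WinNT provider is relied on for the prefix.

```powershell
# Added example (not from the original post). Assumed names: servers NEWSRV01/NEWSRV02,
# domain CORP, and the required group list at the bottom.

function Get-LocalGroupMemberName {
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [string] $LocalGroup = 'Administrators'
    )
    $group = [ADSI]"WinNT://$ComputerName/$LocalGroup,group"
    @($group.psbase.Invoke('Members')) | ForEach-Object {
        # Each member is a COM object. Its ADsPath ("WinNT://CORP/Domain Admins") carries the
        # domain or machine prefix, so the result is "CORP\Domain Admins" rather than just a name.
        $path = $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
        ($path -replace '^WinNT://', '') -replace '/', '\'
    }
}

function Test-LocalAdminMembership {
    param(
        [Parameter(Mandatory)] [string[]] $ComputerName,
        [Parameter(Mandatory)] [string[]] $RequiredMember,   # 'DOMAIN\Group' form
        [string] $LocalGroup = 'Administrators'
    )
    foreach ($server in $ComputerName) {
        try {
            $members = @(Get-LocalGroupMemberName -ComputerName $server -LocalGroup $LocalGroup)
        } catch {
            # A server that cannot be queried must surface as an error, not as a pass.
            [pscustomobject]@{ Server = $server; Member = '*'; Status = 'Error'; Detail = $_.Exception.Message }
            continue
        }
        foreach ($required in $RequiredMember) {
            $present = $members -contains $required          # -contains compares case-insensitively
            [pscustomobject]@{
                Server = $server
                Member = $required
                Status = $(if ($present) { 'Passed' } else { 'Failed' })
                Detail = $(if ($present) { 'required member present' } else { 'required member missing' })
            }
        }
        # Members the build standard did not ask for deserve a review before promotion.
        foreach ($extra in ($members | Where-Object { $RequiredMember -notcontains $_ })) {
            [pscustomobject]@{ Server = $server; Member = $extra; Status = 'Unexpected'; Detail = 'member not in required list' }
        }
    }
}

# --- usage (assumed names) ---
$required = 'CORP\Domain Admins', 'CORP\Enterprise Backup Admins', 'CORP\Enterprise Server Admins'
$results  = Test-LocalAdminMembership -ComputerName 'NEWSRV01', 'NEWSRV02' -RequiredMember $required
$results | Export-Csv -Path 'C:\VerifyGroups.csv' -NoTypeInformation
$results | Format-Table -AutoSize

# Non-zero exit code lets a build pipeline block promotion when anything failed or errored.
if ($results | Where-Object { $_.Status -in @('Failed', 'Error') }) { exit 1 }
```

Because every result is an object with `Server`, `Member`, `Status` and `Detail` properties, the same output can be exported to CSV, filtered with `Where-Object`, or turned into the per-group variables from the question without a separate parsing pass over the file.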