VBscript to Pull out the Members of the local Adminstrators Group

Below VBscript helps to pull out Members of the Local Administrators Group from the given list of computer names. You need you have admin permission on the remote computer to pull out the membership details

 

Option Explicit

Dim objNetwork, objLocalGroup
Dim objTrans, strComputer, strNetBIOSDomain
Dim Result,k,v, Lusr,Dusr, Grp
Dim filesys
Dim filetxt,Servername

‘ Determine NetBIOS name of domain and local computer.
Set objNetwork = CreateObject(“Wscript.Network”)
strNetBIOSDomain = objNetwork.UserDomain
‘strComputer = objNetwork.ComputerName

Set filesys = CreateObject(“Scripting.FileSystemObject”)
set filetxt = filesys.OpenTextFile(“D:\scripts\LocalAdministrator\Servers.txt”,1)

do Until filetxt.AtEndOfStream
Servername = filetxt.Readline
Servername = trim(Servername)

strComputer = Servername
Set objNetwork = Nothing

‘ Bind to local Administrators group.
Set objLocalGroup = GetObject(“WinNT://” & strComputer  & “/Administrators,group”)

‘ Enumerate members of the local group.
result = strComputer
Lusr = “Local User :”
grp = “Domain Group :”
Dusr = “Domain USer : “

Call EnumLocalGroup(objLocalGroup,strComputer)

Loop

Sub EnumLocalGroup(ByVal objGroup,strComputer)
    ‘ Subroutine to enumerate members of local group.
    ‘ The variable strComputer has global scope.

    Dim objMember

    ‘ Enumerate direct members of group.
    For Each objMember In objGroup.Members

 If (LCase(objMember.Class) = “group”) Then
 K = objMember.AdsPath
 V = split(K,”/”)
 grp = grp & V(2) & “/” & v(3) & ” : ”
 Else
        K = objMember.AdsPath
 V = split(K,”/”)
 if Ubound(v) = 3 Then
 Dusr = Dusr  & V(2) & “/” & v(3) & ” : ”
 ElseIF Ubound(v) = 4 Then
 Lusr = Lusr & V(3) & “/” & v(4)  & ” : ”
 ‘wscript.echo objMember.AdsPath
 End If
 End If
    Next
 wscript.echo Ucase(strComputer) & “,” & Ucase(Lusr) &”,” & Ucase(Dusr) &”,” & Ucase(grp)
End Sub

 

Copy of the script can be found in the below mentioned Link

http://powershell.com/cs/members/smtpport25.wordpress/files/AdminMembers.txt.aspx

Add-ADPermission with Exchange 2007 databases

 

Add-ADPermission cmdlet is used to provide permission to Active directory object.  This article explains you how to provide Access Exchange 2007 Database .  Below command sets permission on the Exchange Mailbox Stores and enables the AdminAccount to access uses mailboxes to  view, move, and delete messages, etc 

Get-MailboxDatabase | Add-ADPermission -User domain\Adminaccount –ExtendedRights ms-Exch-Store-Admin

Above command should workd prefectly fine, If you get any errors in executing above command then you may have to do some work around solution to set this

Add-Adpermission -identity “CN=InformationStore,CN=Exchange2007name,CN=Servers,CN=Exchange Administrative Group,CN=Administrative Groups,CN=company,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=Domain,DC=com” -User “Domain\adminAccount” –ExtendedRights ms-Exch-Store-Admin

Above command helps you the fix the problem. you may have to provide AD Distinguished Name for the Informatio store of the specific server to provide Extended Rights on access to all the Database of the specific the Exchange server. To Provide access to Individual Storage gropue then you may have to try something link this

Add-Adpermission -identity “SG=StorageGroupname,CN=InformationStore,CN=Exchange2007,CN=Servers,CN=Exchange Administrative Group,CN=Administrative Groups,CN=Our Company,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=myDomain,DC=com” -User “Domain\adminAccount” –ExtendedRights ms-Exch-Store-Admin

 

Add-Adpermission -identity “CN=Databasename,CN=StorageGroupname,CN=InformationStore,CN=Exchange2007,CN=Servers,CN=Exchange Administrative Group,CN=Administrative Groups,CN=Our Company,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=myDomain,DC=com” -User “Domain\adminAccount” –ExtendedRights ms-Exch-Store-Admin