I'm having an emergency for a compliance audit they want to know who has access to a list of servers.
I found some scripts which help, but unfortunately it doesn't go as far as I need.
I need to list all the local groups, and users of a server. That what the script below does pretty well:
$server = "." # servername to query
$computer = [ADSI]"WinNT://$server,computer"
$list=@()
$computer.psbase.children | where { $_.psbase.schemaClassName -eq 'group' } | foreach {
$group =[ADSI]$_.psbase.Path
$group.psbase.Invoke("Members") | foreach {
$us = $_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)
$list += new-object psobject -property @{Group = $group.Name;User=$us}
}
}
$list |ft -a What I would like to know, is the type of each group members. So if a member is a user, I would like to see the "JohnDoe (User)", and if it is a Group I would like to see "Group1 (Group)"
What would be also nice, is to recursively expand all the groups.
Here is an output example that I would like to get
| Group | Member | Type | Users expansion |
| Administrators | Local\User1 | User | |
| Administrators | Domainy\User2 | User | |
| Administrators | Local\Group1 | Group | List of the Group1 member |
| Administrators | Domainx\Group2 | Group | List of the Group2 member |
| Remote Desktop Users | User1 | User | |
| Remote Desktop Users | Local\User5 | User | |
| Remote Desktop Users | Domainx\Group3 | Group | List of the Group3 member |
TIA