Archived from groups: microsoft.public.win2000.security (
More info?)
You may want to post to the microsoft.public.windows.server.scripting
newsgroup, including more detail as from what you have posted it is
hard to see just what you are doing and particularly how you are
handling what is returned to you.
--
Roger
"Manlytrash" <ccaldwell@dblair.com> wrote in message
news:8BE56B84-51EA-4F56-A919-A582EDD182C8@microsoft.com...
> I can use this code from EzAD Scriptomatic but it will only give me one
user
> at a time and only that user I ask for. Is there a variable that will scan
> the entire DC for all users? Thanks!
>
>
> strContainer = ""
> strName = "EzAdUser"
>
> On Error Resume Next
>
> '***********************************************
> '* Connect to an object *
> '***********************************************
> Set objRootDSE = GetObject("LDAP://rootDSE")
> If strContainer = "" Then
> Set objItem = GetObject("LDAP://" & _
> objRootDSE.Get("defaultNamingContext"))
> Else
> Set objItem = GetObject("LDAP://cn=" & strName & "," & strContainer &
","
> & _
> objRootDSE.Get("defaultNamingContext"))
> End If
> '***********************************************
> '* End connect to an object *
> '***********************************************
>
>
> "Steven L Umbach" wrote:
>
> > Domain admins membership can be determined easily enough in Active
Directory
> > users and Computers and as other posts have mentioned you can use
scripts
> > using the net command and such to enumerate local administrators. FYI
MBSA
> > can scan network computers and among other things be able to list the
local
> > administrators on each computer. Group Policy computer configuration
> > Restricted Groups can be used to enforce membership in any domain or
local
> > group if you want to consider such. If you want to use Restricted Groups
to
> > restrict local computer administrators group be sure to do it at the OU
> > level only. --- Steve
> >
> >
http://www.microsoft.com/technet/security/tools/mbsahome.mspxb --- MBSA
> >
> > "crosswired" <crosswired@discussions.microsoft.com> wrote in message
> > news:1BA8FDE1-B57F-42A1-9F35-E664D9F4960A@microsoft.com...
> > >I am looking for a script or guidance to write a script that will list
all
> > > the users and groups that belong to the domain admin group and the
local
> > > admin group on each server in the domain. This way, I will not have
to
> > > check
> > > each server individually when doing periodic security scans.
> > >
> > > If anyone can help, I would appreciate. Thanks.
> > >
> > > N.P.
> >
> >
> >