I am using the function group member to determine if domain admins is in the local administrator group. It seems to work well except on some NT4 boxes. About 1/4 of NT 4 boxes are reporting that it does not have domain admins in the local group even though it does. Windows 2000 is working properly
Code:
Function Groupmembers($target, $group, optional $flag)
;NAME GroupMembers
;
;ACTION Returns an array of all group members of the specified group
;
;SYNTAX GroupMembers(Target, Group, [FLAG])
;
;PARAMETERS Target
; The Domain name or Workstation to work with. For faster workstation
; execution, include the Domain Name that the workstation is a meber of.
;
; "Kixtart/beanbag" would be working with the workstation Beanbag in the
; Kixtart domain
;
; Group
; The Group you want to query
;
; [FLAGS]
; To use the flags options add the numbers of the desired flags toghthers and
; Use that number in the flag field.
;
; Filter :(only one filter flag at a time please)
; 1 = all
; 2 = Users only
; 4 = Groups only
;
; ADSI Information(return ADSI information "pick only one")
; 8 = ADSPath field
; 16 = ADSI Object Handle
;
;RETURNS an array containing , if the ADSPath option is used the ADSPath
; will also be returned |.
;
;REMARKS ADSI com object must be installed.
;
;EXAMPLES
;this return all members of the Domain Admins group in the kixtart domain.
; $members = groupmembers("kixtart","Domain admins")
;
;
;this will will return all groups in the local administrators group on
;
;the Workstation beanbad in the kixtart domain. Also the
; $groups = groupmembers("kixtart/beanbag","Administratoos","group")
DIM $temparray[8], $member, $i, $chunk, $flag, $ADSIFlag, $filterFlag
$chunk = ubound($temparray)
$flag = val($flag)
$i = 0
$group = getobject("WinNT://$target/$group")
if vartype($group) <> 9 exit(@error) endif
select
case $flag & 1
$filterflag = 1
case $flag & 2
$filterflag = 2
case $flag & 4
$filterflag = 4
case 1
$filterflag = 1 endselect
select
case $flag & 8
$ADSIFlag = 8
case $flag & 16
$ADSIFlag = 16
endselect
for each $member in $group.members
select
case $filterflag = 2 AND $member.class = "user"
if substr($member.name,len($member.name),1) <> "$"
$temparray[$i] = $member.name
select
case $adsiflag = 8
$temparray[$i] = $member.adspath
case $adsiflag = 16
$temparray[$i] = $member
endselect
$i = $i + 1
endif
case $filterflag = 4 AND $member.class = "Group"
if substr($member.name,len($member.name),1) <> "$"
$temparray[$i] = $member.name
select
case $adsiflag = 8
$temparray[$i] = $member.adspath
case $adsiflag = 16
$temparray[$i] = $member
endselect
$i = $i + 1
endif
case $filterflag = 1
if substr($member.name,len($member.name),1) <> "$"
$temparray[$i] = $member.name
select
case $adsiflag = 8
$temparray[$i] = $member.adspath
case $adsiflag = 16
$temparray[$i] = $member
endselect
$i = $i + 1
endif
case $filterflag
;bit bucket
endselect
if $i = ubound($temparray)
redim preserve $temparray[Ubound($temparray)+$chunk]
endif
next
if $i <> 0
redim preserve $temparray[$i-1]
$groupmembers=$temparray
endif
endfunction
Return
Code:
; Used to determine if the local adminstrator group contains all the groups necessary
Call "@SCRIPTDIR\groupmember.udf"
$domainadmin="no domainadmin present"
$Administratorsgroup = GroupMembers("@wksta","Administrators",16)
; Users the function groupmembers to read members of Administrators Group
For Each $Administrators In $Administratorsgroup
$Var = $Administrators.Name ; This was needed. The GroupAdd function would not work with $Administrators.name
If $var="Domain Admins"
$domainadmin="Domain Admins Present"
EndIf
Next
$logpath="c:\"
WriteProfileString ("$logpath\smsinventory.log", "Inventory", "@WKSTA", ",@time,@date,@userid, $domainadmin")
