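# Audits membership of the local Administrators group on every computer object
# found under one OU and collects one row per member in $Results.
# Requires the ActiveDirectory module (Get-ADGroupMember, Get-ADUser) and
# WinNT/ADSI access to each target host.

# Expands an AD group into its non-group members, descending into nested groups.
#   $group   - group identity accepted by Get-ADGroupMember -Identity
#   $Visited - internal: distinguished names of nested groups already expanded,
#              so circular group nesting cannot recurse without end
# Output: the member objects returned by Get-ADGroupMember that are not groups.
function GetGroupUser{
    param(
        [Parameter(Mandatory=$true)]$group,
        $Visited = (New-Object 'System.Collections.Generic.HashSet[string]')
    )
    Get-ADGroupMember -Identity $group | ForEach-Object {
        if($_.objectClass -eq "group"){
            # HashSet.Add returns $false for a group seen before; skip it.
            if($Visited.Add([string]$_.DistinguishedName)){
                GetGroupUser $_ $Visited
            }
        }
        else{
            $_
        }
    }
}

# Enumerate every computer object under the target OU.
$Searcher = New-Object DirectoryServices.DirectorySearcher([ADSI]"")
$Searcher.SearchRoot = 'LDAP://OU=2016,OU=App,OU=Windows,OU=MITS Servers,DC=ad,DC=medctr,DC=ucla,DC=edu'
$Searcher.Filter = "(objectClass=computer)"
$Computers = ($Searcher.Findall())
$Results = @()

# Output directory; -Force makes a re-run succeed when it already exists.
# No export step is visible in this section.
New-Item -ItemType Directory -Path C:\All_Local_Admins -Force | Out-Null

Foreach ($Computer in $Computers){
    $Path=$Computer.Path
    [string]$Name=([ADSI]"$Path").Name
    write-host $Name
    $members =[ADSI]"WinNT://$Name/Administrators"
    try{
        $members = @($members.psbase.Invoke("Members"))
    }
    catch{
        Write-Host "$name is not found"
        # Skip this host: $members still holds the unbound ADSI object, not a
        # member list. Skipped hosts leave no row in $Results, so audit
        # coverage has to be reconciled against this console message.
        continue
    }
    $members | foreach {
        $LocalAdmins = $_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)
        # Create a new object for the purpose of exporting as a CSV
        $Class = $_.GetType().InvokeMember("Class", 'GetProperty', $null, $_, $null)
        # Reset per member so a failed lookup cannot reuse the previous
        # member's display name.
        $DisplayName = $null
        $pubObject = new-object PSObject
        $pubObject | add-member -membertype NoteProperty -name "Server" -Value $Name
        $pubObject | add-member -membertype NoteProperty -name "Administrators" -Value $LocalAdmins
        $pubObject | add-Member -membertype NoteProperty -name "Class" -Value $Class
        # Find out if this is a user or group object
        if ($Class -like "User"){
            $Type = "User"
            # NOTE(review): this matches the AD 'name' attribute against the
            # account name returned by the WinNT provider. A local account
            # that shares a name with a domain user would be reported as the
            # domain user, and a domain user whose 'name' differs from its
            # logon name would be reported as a local account - confirm
            # whether sAMAccountName and the member's origin should be
            # checked instead.
            $aduser = Get-ADuser -Filter {name -eq $LocalAdmins}
            if($aduser){
                $DisplayName = $aduser.Name
            }
            else{
                $DisplayName = "Local Account $LocalAdmins"
            }
            $pubObject | add-Member -membertype NoteProperty -name "Display Name" -Value $DisplayName
        }
        else {
            $Type = "Group"
            try{
                # Join the names into one string: an array value would not
                # render as readable text in a CSV column.
                $DisplayName = (GetGroupUser $LocalAdmins | Select -ExpandProperty name) -join '; '
            }
            catch{
                # The member is not resolvable as an AD group (for example a
                # machine-local group); record that instead of stale data.
                $DisplayName = "Unresolved group $LocalAdmins"
            }
            $pubObject | add-Member -membertype NoteProperty -name "Display Name" -Value $DisplayName
        }
        # Append this iteration of our for loop to our results array.
        $Results += $pubObject
    }
}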