RemoteGroup.psm1
|
function Get-RemoteGroup { <# .SYNOPSIS Retrieves a list of members in a local group on remote computers. .DESCRIPTION The Get-RemoteGroup function retrieves a list of members in a local group on one or more remote computers. It uses ADSI (Active Directory Service Interfaces) to query the membership of the specified local group. .PARAMETER ComputerName -ComputerName <String[]> Specifies the name or IP address of the remote computers. You can specify multiple values separated by commas. .PARAMETER LocalGroup -LocalGroup <String> Specifies the name of the local group. .EXAMPLE PS C:\>Get-RemoteGroup -ComputerName "Computer01","Computer02" -LocalGroup "Administrators" This example retrieves the members of the "Administrators" group on the remote computers "Computer01" and "Computer02". .EXAMPLE PS C:\>Get-RemoteGroup -ComputerName "Server01" -LocalGroup "Power Users" This example retrieves the members of the "Power Users" group on the remote computer "Server01". .EXAMPLE PS C:\>Get-RemoteGroup -ComputerName "Host01","Host02","Host03" -LocalGroup "Backup Operators" This example retrieves the members of the "Backup Operators" group on the remote computers "Host01", "Host02", and "Host03". .NOTES The specified local group must exist on the remote computers. If the group does not exist or cannot be found, an error will be displayed. .INPUTS String[] Accepts an array of strings as input for the ComputerName parameter. String Accepts a string as input for the LocalGroup parameter. .OUTPUTS System.Management.Automation.PSCustomObject Returns a custom object with the following properties: - Computer: the name of the remote computer. - Domain: the name of the domain of the user. - User: the name of the user. .LINK https://github.com/LuisCarrilloTech #> [CmdletBinding()] param ( [Parameter( Mandatory = $true, ValueFromPipeline = $true, Position = 0)] [String[]]$ComputerName, [Parameter(Mandatory = $true)] [String]$LocalGroup ) foreach ($computer in $ComputerName) { try { $group = [ADSI]"WinNT://$computer/$($LocalGroup)" $Members = $group.Invoke('Members') | ForEach-Object { $Path = ([ADSI]$_).path [pscustomobject]@{ ComputerName = $Computer Domain = $(Split-Path (Split-Path $path) -Leaf) Membership = $(Split-Path $path -Leaf) } } } catch { Write-Output "Error retrieving members for $($computer)" Write-Output $_.Exception.Message } finally { $Members } } } function Add-RemoteGroupMember { <# .SYNOPSIS Adds a remote member to a local group on multiple computers. .DESCRIPTION The Add-RemoteGroupMember function adds a member to a local group on multiple remote computers in a given domain. .PARAMETER ComputerName Specifies the name of the remote computers. The function accepts an array of computer names. .PARAMETER LocalGroup Specifies the name of the local group on the remote computers. .PARAMETER Domain Specifies the name of the domain where the member exists. .PARAMETER MemberName Specifies the name of the member to be added to the local group. .EXAMPLE Add-RemoteGroupMember -ComputerName "Computer1", "Computer2" -LocalGroup "Administrators" -Domain "DomainName" -MemberName "username" Adds the "username" user to the "Administrators" local group on "Computer1" and "Computer2" in the "DomainName" domain. .INPUTS None. You cannot pipe objects to this function. .OUTPUTS None. The function does not generate any output. .NOTES The function requires administrative privileges on the remote computers. .LINK https://github.com/LuisCarrilloTech #> [CmdletBinding()] param ( [Parameter( Mandatory = $true, ValueFromPipeline = $true, Position = 0)] [String[]]$ComputerName, [Parameter(Mandatory = $true)] [String]$LocalGroup, [Parameter(Mandatory = $true)] [String]$Domain, [Parameter(Mandatory = $true)] [String]$MemberName ) try { foreach ($computer in $ComputerName) { $group = [ADSI]"WinNT://$computer/$($LocalGroup)" $membership = [ADSI]"WinNT://$Domain/$MemberName" $group.Add($membership.Path) } } catch { Write-Output $_.Exception.Message } finally { if ($?) { Write-Host "Added member $MemberName to $LocalGroup group on system $computer" } } } function Remove-RemoteGroupMember { <# .SYNOPSIS Remove a specified user from a local group on one or more remote computers. .DESCRIPTION The Remove-RemoteGroupMember function removes a specified user from a local group on one or more remote computers. It uses the WinNT provider to access the local group and the domain user object. The function iterates over each remote computer specified in the $ComputerName parameter and performs the removal operation for the specified user on the local group. .PARAMETER ComputerName An array of strings representing the names of the remote computers from which you want to remove the user. .PARAMETER LocalGroup Specifies the name of the local group from which you want to remove the user. .PARAMETER Domain Specifies the name of the domain to which the user belongs. .PARAMETER MemberName Specifies the name of the user you want to remove from the local group. .INPUTS None. You cannot pipe objects to this function. .OUTPUTS "Removed <MemberName> from <Group> group on system <ComputerName" .NOTES .EXAMPLE Remove-RemoteGroupMember -ComputerName "Computer1", "Computer2" -LocalGroup "Administrators" -Domain "Contoso" -MemberName "JSmith" This example removes the user "JSmith" from the "Administrators" local group on "Computer1" and "Computer2" in the "Contoso" domain. .LINK https://github.com/LuisCarrilloTech #> [CmdletBinding()] param ( [Parameter( Mandatory = $true, ValueFromPipeline = $true, Position = 0)] [String[]]$ComputerName, [Parameter(Mandatory = $true)] [String]$LocalGroup, [Parameter(Mandatory = $true)] [String]$Domain, [Parameter(Mandatory = $true)] [String]$MemberName ) try { foreach ($computer in $ComputerName) { $group = [ADSI]"WinNT://$computer/$($LocalGroup)" $membership = [ADSI]"WinNT://$Domain/$MemberName" $group.Remove($membership.Path) } } catch { Write-Output "Error removing $($MemberName) from $($computer)" Write-Output $_.Exception.Message } finally { if ($?) { Write-Host "Removed $MemberName from $LocalGroup group on system $computer" } } } |