Created
May 1, 2019 17:36
-
-
Save nullbind/62bff19314e42b3fd88cdc6d15e822c0 to your computer and use it in GitHub Desktop.
Get-DomainComputerWSMAN.ps1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This script uses the ActiveDirectory module to enumerate live Windows system on the domain that support WMI/PS Remoting, | |
# and filters out win7 and 2k3 | |
# Run on domain system or via 'runas /netonly /user:domain\user powershell.exe' | |
# Initial DC | |
$InitialDc = '10.4.222.205' | |
# Create connection to initial dc | |
Import-Module ActiveDirectory | |
New-PSDrive -PSProvider ActiveDirectory -Name RemoteADS -Root "" -Server $InitialDc | Out-Null | |
cd RemoteADS: | |
# Get list of domain controllers from inital DC using ADS provider | |
$DomainControllers = Get-ADGroupMember "Domain Controllers" | select @{name="ComputerName";expression={$_."name"}} | |
$DomainControllersCount = $DomainControllers | Measure-Object | Select-Object Count -ExpandProperty Count | |
Write-Output "$DomainControllersCount Domain controllers found." | |
# Get Domain | |
$DomainName = (Get-ADDomain).dnsroot | |
# Remove psdrive | |
cd c: | |
Remove-PSDrive RemoteADS | |
# Get a list of computers from each domain controller that (we do think because the lastlogon is not replicated between domain controllers | |
# - have logged in to the dc in the last 2 days | |
# - are enable | |
# - has an wsman spn (wmi/psremoting) | |
# - excluding windows 7 and Windows 2003 | |
$Progress = 0 | |
$DomainControllers | | |
ForEach-Object { | |
# Format name | |
$ComputerName = $_.ComputerName + '.' + $DomainName | |
# Increase Count | |
$Progress = $Progress + 1 | |
Write-Output "$ComputerName : $Progress of $DomainControllersCount" | |
# Create ADS ps drive | |
Write-Output "$ComputerName : Creating ADS provider" | |
New-PSDrive -PSProvider ActiveDirectory -Name RemoteADS -Root "" -Server $ComputerName | Out-Null | |
cd RemoteADS: | |
# Get computer list from DC | |
Write-Output "$ComputerName : Getting list of computers" | |
$TwoDays=(get-date).AddDays(-2); | |
$ComputerList += Get-ADComputer -Filter { serviceprincipalname -like "*WSMAN*" -and Enabled -eq $true -and LastLogonDate -gt $TwoDays -and OperatingSystem -ne "Windows 7 Enterprise" -and OperatingSystem -ne "Windows Server 2003"} -Properties dnshostname,OperatingSystem,OperatingSystemServicePack,OperatingSystemHotFix| select @{name="ComputerName";expression={$_."dnshostname"}},OperatingSystem,OperatingSystemServicePack,OperatingSystemHotFix | |
# Add computers to master table | |
Write-Output "$ComputerName : Adding computer list to master table" | |
# Remove ADS ps drive | |
Write-Output "$ComputerName : Removing ADS provider" | |
cd c: | |
Remove-PSDrive RemoteADS | |
} | |
# Remove duplicates - super slow, need a better way | |
Write-Output "Removing duplicates and sorting" | |
$ComputerList = $ComputerList | Sort-Object -Unique | |
# Count affected servers | |
Write-Output "Getting computer count" | |
$ComputerListCount = $ComputerList.rows.count | |
Write-Output "$ComputerListCount live computers with wsman found" | |
# Export and return results | |
Write-Output 'Exporting results to c:\temp\live-computers-wsman.csv and $ComputerList Variable' | |
$ComputerList | export-csv c:\temp\live-computers-wsman.csv -NoTypeInformation | |
# Create pssessions | |
Write-Output "Attempting to create psssessions" | |
$ComputerList | New-PSSession -ErrorAction SilentlyContinue | |
$SessionsCount = (Get-PSSession).count | |
Write-Output "$SessionsCount Found!" | |
# Get list of tasks from remote servers | |
Write-Output "Getting list of tasks from active pssessions" | |
$ScheduledTasks = Invoke-Command -Session (Get-PSSession) -ScriptBlock {Get-ScheduledTask} -ErrorAction SilentlyContinue | |
$ScheduledTasks | export-csv c:\temp\scheduledtasks.csv -NoTypeInformation | |
$author = $ScheduledTasks | where Author -NotLike "*$*" | where Author -NotLike "*Microsoft*" | where Author -NotLike "The major version*" | where Author -NotLike "" | Sort-Object Author | |
$author | where author -notlike "" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment