Users with direct access to servers report

OK I have it working in SQL, sort of....Problem is I Used a SQL Cursor and if I paste the code into the Lansweeper Reporting Designer it fails with Object not set to an instance of an object. Code runs in SQL....SLOW!!!
My DBA warned me against doing this.... Said you were much better off creating the report to identify permissions as coming from User or Group permissions, then a link from the group to a report of it's members.

So, with all that being said.... HERE is what I have So FAR, if I figure the rest out of some SQL genius can clean up this mess (My DBA won't), have at it.

DECLARE @ADObjectID varchar(50), @AccountType varchar(50);
DECLARE @AssetID varchar(50), @AssetName varchar(50);
DECLARE @UserName varchar(50), @DomainName varchar(50);
DECLARE @UserName1 varchar(50), @DomainName1 varchar(50);
DECLARE @Name varchar(50), @SAMName varchar(50), @GroupName varchar(50);
declare EnumerateGroups Cursor
for


Select distinct tblAssets.AssetID,
tblAssets.AssetName,
G.Username,
G.Domainname,
G.Groupname,
s.sAMAccountName,
u.Username,
u.Userdomain,
AG.Name,

s.ADObjectID,

(CASE s.ADObjectID WHEN (select adobjectid from tbladusers where adobjectid = s.ADObjectID ) THEN 'USER' ELSE 'GROUP' END) AS AccountType

From tblAssets
Inner Join tblUsersInGroup G
On tblAssets.AssetID = G.AssetID
Inner Join tblAssetCustom
On tblAssets.AssetID = tblAssetCustom.AssetID

inner join tbladobjects S on
s.sAMAccountName = G.Username
and
s.domain = G.Domainname
left outer join tblADusers U on
U.ADObjectID = S.ADObjectID
left outer join tblADgroups AG on
AG.ADObjectID = S.ADObjectID
left outer join tblADMembership M on
AG.ADGroupID = m.ParentAdObjectID
left outer join tblADusers on
u.ADObjectID = m.ChildAdObjectID
Where (G.Groupname = 'administrators' Or
G.Groupname = 'remote desktop users') And
tblAssetCustom.State = 1
-- tblassets.assetid = 96






Order By tblAssets.AssetName ;

open EnumerateGroups;

Fetch Next from EnumerateGroups
Into @AssetID, @AssetName, @UserName, @DomainName, @GroupName,@SAMName, @UserName1, @DomainName1, @Name, @ADObjectID, @AccountType ;

While @@FETCH_STATUS = 0
Begin
if @AccountType = 'GROUP'
select @AssetID as 'Asset ID', tbladusers.Userdomain, tbladusers.Username, @AccountType as 'Permission From', tbladgroups.Name
from tblADMembership
inner join tbladusers on childadobjectid = tbladusers.adobjectid
inner join tbladGroups on parentadobjectid = tblADGroups.ADObjectID
inner join tblAssets on tblAssets.AssetID = @AssetID
where tblADMembership.ParentAdObjectID = @ADObjectID
order by tblassets.AssetID
else
select @AssetID as 'Asset ID', tbladusers.Userdomain, tbladusers.Username, @AccountType as 'Permission From'
from tblADusers

inner join tblAssets on tblAssets.AssetID = @AssetID
where tblADusers.ADObjectID = @ADObjectID
order by tblassets.AssetID

Fetch next from EnumerateGroups
Into @AssetID, @AssetName, @UserName, @DomainName, @GroupName,@SAMName, @UserName1, @DomainName1, @Name, @ADObjectID, @AccountType ;

End

Close EnumerateGroups;
DeAllocate EnumerateGroups;
Go

sorry to keep adding to this, but;

something like this is what I was thinking


Select tblAssets.AssetID,
tblAssets.AssetName,
G.Username,
G.Domainname,
G.Groupname,
s.sAMAccountName,
--s.ADObjectID

(CASE s.ADObjectID WHEN (select adobjectid from tbladusers where adobjectid = s.ADObjectID ) THEN 'USER' ELSE 'GROUP' END) AS [Type]

From tblAssets
Inner Join tblUsersInGroup G
On tblAssets.AssetID = G.AssetID
Inner Join tblAssetCustom
On tblAssets.AssetID = tblAssetCustom.AssetID

inner join tbladobjects S on
s.sAMAccountName = G.Username
and
s.domain = G.Domainname

Where (G.Groupname = 'administrators' Or
G.Groupname = 'remote desktop users') And
tblAssetCustom.State = 1
Order By tblAssets.AssetName

This sounds like a fun one. So, I am approaching it like this;
-Your query returns local users, local groups, domain users, and domain groups
-You want the output to be only local users and domain users (no groups)
---When a group is there, you want its members instead

If I am reading that correctly, that is good I want the same report.
Problem I see is that some users will be there multiple times thru membership in several groups. Do you want uniqueness?

I would think you could take your current report, add a column for isGroup (Boolean) T/F depending on whether it is a group or a user. then you could have a different report that gives you the members of that group? Basically you are trying to determine how someone has access and they could have it multiple ways. It's a great idea, let's see what we can do.
you may have to look at tblusersingroup and the .admingroup since there could be a local group that has admin permissions that you are missing?

somehow you have to link in tbladusers and tbladgroups, tbladobjects, and tbladmembership where you are matching the domain and samaccountname in tbladobjects then using the adobjectid in the tblgroups and then enumerating the group from there I believe.
I am going to keep hacking at it myself will post if I succeed

Hi,

Sorry, if i was not so clear.
In Administrator group there can be groups also. So i would like to show the members of the groups instead listing only the AD group name.

But maybe this is not possible.

Thx,

Roland

If we understand you correctly you want a report with all the servers, their domain and all the user accounts which have the "Administrator" and "Remote Desktop Users" group.

In your SQL code you are already extracting the group members of the "Administrator" and "Remote Desktop Users" groups.
If you want to show all the group members you can delete the highlighted where clause in your SQL code.

Select Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblUsersInGroup.Username,
tblUsersInGroup.Domainname,
tblUsersInGroup.Groupname
From tblAssets
Inner Join tblUsersInGroup On tblAssets.AssetID = tblUsersInGroup.AssetID
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Where (tblUsersInGroup.Groupname = 'administrators' Or
tblUsersInGroup.Groupname = 'remote desktop users') And
tblAssetCustom.State = 1
Order By tblAssets.AssetName