I've been migrating users from 'standalone' machines if you like to a domain. Someone wrote some scripts for me to do most of it, one part was adding the user as a local admin during the migration.

I was supposed to remove this account at the end of the process...

In 99% of cases I think I've done it, but there may be the odd one or two that has slipped through the net - is there any way I can scan the domain and see which PCs have a user with admin rights logged on or anything?

Assuming every computer is part of the domain you can do what you want with the following script. Create the following script on the domain controller. Easiest way is to just open up notepade and paste the folowing code between the ---------- and then save it as a .vbs file (test.vbs for example.)

-------------------------------------------------------------------------
'RemoveAdmins.vbs
Dim objFSO:Set objFSO=CreateObject("Scrip<wbr>ting.FileS<wbr>ystemObjec<wbr>t")
Dim objFile:Set objFile=objFSO.OpenTextFil<wbr>e("C:\Comp<wbr>uters.txt"<wbr>)

Do while not objFile.AtEndOfStream
strPC=objFile.ReadLine
Set objGroup = GetObject("WinNT://" & strPC & "/Administrators")
For Each objUser In objGroup.Members
If objUser.Name <> "Administrator" AND objUser.Name <> "Domain Admins" Then
objGroup.Remove(objUser.Ad<wbr>sPath)
End If
Next
Loop

objFile.Close
Set objFSO=Nothing
------------------------------------------------------------

Next you need to create the c:\computername.txt file
Each line of that file should have a computer name or an ip for a computer and nothing more.

The script goes through that file and on each computer it removes any accounts from the local admin group that aren't Administrator or Domain Admin.

Thanks Kryyst, I thought you might come to my rescue!

Is there any way I can modify that to tell me which PCs have admin accounts rather than changing them? - Two of the MDs for example have their own accounts added there etc.

'ViewAdmins.vbs
Dim objFSO:Set objFSO=CreateObject("Scripting.FileSystemObject")
Dim objFile:Set objFile=objFSO.OpenTextFile("C:\temp\Computers.txt")

Do while not objFile.AtEndOfStream
strPC=objFile.ReadLine
Set objGroup = GetObject("WinNT://" & strPC & "/Administrators")
For Each objUser In objGroup.Members
If objUser.Name <> "Administrator" AND objUser.Name <> "Domain Admin
Wscript.Echo objUser.Name, ">", strPC
End If
Next
Loop
objFile.Close
Set objFSO=Nothing

This will display the non-admin user names and what computers they are assigned to on the screen.
If you want to send the info to a text file run the script like this
cscript script.vbs >c:\log.txt

It'll redirect all output to a text file.