PowerShell - List local users and groups
When you have a bunch of servers to manage and those servers are joined to an Active Directory Domain, it is really easy to query information from a single location, but when you are not using AD things get a little more complicated.
It is a typical request to get a list of all your users and the groups they belong to. If you are using AD, try installing the PowerShell Active Directory Module (see the 4Sysops article). But if your servers are not joined to a domain, you will need to query the local users and groups, so the Active Directory module is useless.
Luckily, we can use the "Active Directory Service Interfaces", a.k.a. [ADSI]. The script to query the users and groups and export a list ready to be imported into a spreadsheet is really simple:
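# Local computer name, with stray tabs, newlines and pipe characters trimmed
$computerName = $env:COMPUTERNAME.Trim("`t|`n|`r")
# Bind to the local account database through the WinNT provider
$computer = [ADSI]"WinNT://$computerName"
# Walk every local group on the machine
$computer.psbase.children | where { $_.psbase.schemaClassName -eq 'group' } | foreach {
    $groupName = $_.Name
    $group = [ADSI]$_.psbase.Path
    # Members() returns COM objects, so properties are read via InvokeMember
    $groupMembers = $group.psbase.Invoke("Members")
    foreach ($member in $groupMembers){
        $samAccount = $member.getType().InvokeMember('Name','GetProperty', $null, $member, $null)
        try{
            $fullName = $member.getType().InvokeMember('FullName','GetProperty', $null, $member, $null)
        }
        catch{
            # Not every member exposes FullName (nested groups, for example)
            $fullName = ""
        }
        echo "|$computerName|$groupName|$samAccount|$fullName|"
    }
}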
The output is a list of values separated by pipes ("|") like:
|Server_Name|LocalGroup_Name|User_SamAccount_Name|User_FullName|
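The same enumeration as an added example (not the original script) that emits objects instead of pipe-delimited text, so the result can go straight to Export-Csv for a membership review. The function name Get-LocalGroupMembership, the output file name and the IsLocalAccount heuristic are assumptions of this example; it needs PowerShell 3.0 or later for [pscustomobject].

```powershell
# Added example: the function name and output columns are hypothetical.
function Get-LocalGroupMembership {
    param(
        # Defaults to the local machine; pass other host names to query them
        # with the credentials of the current session.
        [string[]]$ComputerName = @($env:COMPUTERNAME)
    )
    foreach ($name in $ComputerName) {
        try {
            $computer = [ADSI]"WinNT://$name,computer"
            # The ADSI bind is lazy, so force enumeration inside the try block
            $groups = @($computer.psbase.Children |
                Where-Object { $_.psbase.SchemaClassName -eq 'group' })
        }
        catch {
            Write-Warning "Could not query ${name}: $($_.Exception.Message)"
            continue
        }
        foreach ($group in $groups) {
            foreach ($member in $group.psbase.Invoke('Members')) {
                $type = $member.GetType()
                $path = $type.InvokeMember('ADsPath', 'GetProperty', $null, $member, $null)
                try {
                    $fullName = $type.InvokeMember('FullName', 'GetProperty', $null, $member, $null)
                }
                catch {
                    $fullName = ''   # nested groups and built-in principals have no FullName
                }
                [pscustomobject]@{
                    Computer       = $name
                    Group          = [string]$group.Name
                    Member         = $type.InvokeMember('Name', 'GetProperty', $null, $member, $null)
                    FullName       = $fullName
                    MemberClass    = $type.InvokeMember('Class', 'GetProperty', $null, $member, $null)
                    ADsPath        = $path
                    # Heuristic: local accounts carry the machine name in their ADsPath
                    IsLocalAccount = $path -like "*/$name/*"
                }
            }
        }
    }
}

# One row per (group, member) pair, ready to open in a spreadsheet
Get-LocalGroupMembership |
    Export-Csv -Path .\local-group-members.csv -NoTypeInformation
```

Filtering the CSV on the Administrators group and on IsLocalAccount gives a quick view of which local accounts hold administrative rights on each server.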
Cheers.
References:
https://msdn.microsoft.com/en-us/library/aa772211(VS.85).aspx
https://mcpmag.com/articles/2015/04/15/reporting-on-local-accounts.aspx
https://stackoverflow.com/questions/23071181/powershell-2-0-get-users-for-a-local-group
https://stackoverflow.com/questions/30710755/extract-ad-user-information-via-adsi