Get Members of Local Group


I have seen many administrators who has difficulty to find members of local group (i.e. Administrators) for 100 or more servers. There are many scripts but they have their standard functionality and fixed output. When you try to modify the script as per your requirements, it become a big pain in a**.

Here are some links of good written scripts which can help you.
https://gallery.technet.microsoft.com/scriptcenter/Get-GroupMember-Get-Local-72fecf21
https://www.petri.com/use-powershell-to-find-local-groups-and-members
https://gist.github.com/jdhitsolutions/2b3f8761db581726802e
Use them at your own risk.

If you want to do it by your own, here are some easy tricks which I am going show here. Using WMI command with their classes and use filters is really complicated way. Trust me, I have seen administrators pulling their hairs while automating this basic thing.

1. Use CIM command instead of WMI
Supports PowerShell 3.0 or later

# FIRST YOU NEED TO KNOW HOW TO FIND THE LOCAL GROUP 
Get-CimInstance -ClassName Win32_Group -Filter "LocalAccount=TRUE" 
In output, you will see all local groups of the local host on which you will run this command.
Get-CimInstance -ClassName Win32_Group -ComputerName "SERVER01" -Filter "LocalAccount=TRUE"
In output, you will see all local groups of the computer, which you have mentioned in the command. 

# NOW YOU NEED TO KNOW THE MEMBERS OF THE SELECTED GROUP
Get-CimInstance win32_group -Filter "LocalAccount=TRUE and SID='S-1-5-32-544'" -ComputerName SERVER01 | Get-CimAssociatedInstance -Association Win32_groupUser | Select-Object -Property Name, Domain, SID

# HERE IS THE SMALL SCRIPT WHICH I HAVE CREATED FOR YOU TO CHECK MULTIPLE SYSTEMS
$Computers = "ASHISHGUPTA01"
foreach ($Computer in $Computers) {
Get-CimInstance win32_group -Filter "LocalAccount=TRUE and SID='S-1-5-32-544'" -ComputerName $Computer | Get-CimAssociatedInstance -Association Win32_groupUser | Select-Object -Property Name, Domain, SID
}

Important Note : 'S-1-5-32-544' sid belongs to Administrator local group. You can see SIDs of all local group when you will run the first command. 2. Upgrade to PowerShell 5.1. This version of PowerShell has come with new commands. After which, you don't need to use WMI and CIM commands to get the information.

2. Upgrade to PowerShell 5.1
This version of PowerShell has come with new commands. After which, you don't need to use WMI and CIM commands to get the information.

Adds members to a local group.
Disables a local user account.
Enables a local user account.
Gets the local security groups.
Gets members from a local group.
Gets local user accounts.
Creates a local security group.
Creates a local user account.
Deletes local security groups.
Removes members from a local group.
Deletes local user accounts.
Renames a local security group.
Renames a local user account.
Changes a local security group.
Modifies a local user account.

Detail information about these command lets, please visit THIS page.

If you need any more help, please let me know.

0 comments:

Post a Comment