
Enumerate Members of local groups in PowerShell

Here is another script from my last PowerShell class.  After we took a look at the script to enumerate the users who had User Rights assigned to them on a server, one of the delegates in class asked if it was possible to enumerate the local users in local groups.  I had to resort to some PowerShell V1 tactics, but it works.  I also got a little help from Steve Schofield’s blog.

<#
===========================================================
Script Name: LocalGroups.ps1
Author: Jason A. Yoder, MCT
Website: WWW.MCTExpert.com
Blogsite: WWW.MCTExpert.Blogspot.com
-----------------------------------------------------------
Script Purpose:
Enumerate the local user accounts that are members
of local groups
-----------------------------------------------------------
Variables:

$GroupList : Holds the names of all the groups on the
             client.

$StrComputer : Used to store the name of the client to
               run this script on.  The "." means the
               local client.

$GL : Used to help cycle through the collection
      $GroupList.
     
$Members : A collection of all the members of a group.
===========================================================
#>
# =========================================================
# Main Code:
Set-StrictMode -version 2.0

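# Enumerate the local groups on the client.
# The LocalAccount filter keeps domain groups out of the list on
# domain-joined clients; those groups cannot be found under
# WinNT://<computer> and would make the Find() call below fail.
$strComputer = "."
$GroupList = Get-WmiObject Win32_Group -ComputerName $strComputer `
    -Filter "LocalAccount=True" | ForEach {$_.name}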

# Cycle through each group and enumerate the
# Group members.
ForEach ($GL in $GroupList)
{
    $computer = [ADSI]("WinNT://" + $strComputer + `
    ",computer")
    $Group = $computer.psbase.children.find($GL)
    $members= $Group.psbase.invoke("Members") |
    %{$_.GetType().InvokeMember("Name", 'GetProperty', `
    $null, $_, $null)}


    # Display the group and its members.
    Write-Host "Group Name: $GL"
    ForEach($user in $members){Write-Host $user}
    Write-Host "------------------------------------------"
}
# == End of Main Code =====================================
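
For auditing, the same WinNT enumeration is more useful when it returns objects and keeps each member's ADsPath and Class, because the bare name hides whether a member is a local account, a domain account or group, or an unresolved SID. The following is an added example, not part of the original script; the function name Get-LocalGroupMembership and the allow-list values are assumptions made for illustration.

```powershell
function Get-LocalGroupMembership {          # hypothetical helper name
    param([string]$ComputerName = $env:COMPUTERNAME)

    # Local groups only; domain groups cannot be bound via WinNT://<computer>.
    $groups = Get-WmiObject Win32_Group -ComputerName $ComputerName `
        -Filter "LocalAccount=True"

    foreach ($g in $groups) {
        $adsiGroup = [ADSI]("WinNT://$ComputerName/$($g.Name),group")
        foreach ($m in @($adsiGroup.psbase.Invoke("Members"))) {
            $t    = $m.GetType()
            $path = $t.InvokeMember("ADsPath", 'GetProperty', $null, $m, $null)
            New-Object PSObject -Property @{
                Computer = $ComputerName
                Group    = $g.Name
                GroupSid = $g.SID
                Member   = $t.InvokeMember("Name", 'GetProperty', $null, $m, $null)
                Class    = $t.InvokeMember("Class", 'GetProperty', $null, $m, $null)
                ADsPath  = $path
                # Heuristic: local accounts carry the computer name in the path.
                IsLocal  = ($path -like "*/$ComputerName/*")
                # A member whose SID no longer resolves is listed by the raw SID.
                Orphaned = ($path -like "WinNT://S-1-*")
            }
        }
    }
}

# Constructed allow-list for illustration; replace it with your own baseline.
$allowedAdmins = 'Administrator', 'Domain Admins'

# S-1-5-32-544 is the well-known SID of the built-in Administrators group,
# so the filter also works where the group name is localized.
Get-LocalGroupMembership |
    Where-Object { $_.GroupSid -eq 'S-1-5-32-544' -and
                   $allowedAdmins -notcontains $_.Member } |
    Select-Object Computer, Group, Member, Class, ADsPath, IsLocal, Orphaned
```

Piping the function's full output to Export-Csv on a schedule gives a baseline that Compare-Object can diff to surface membership changes.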
