A quick PowerShell 2 function for a Monday evening. A function to return properties from the WinNT provider, most commonly used to enumerate local group membership.
This should also work for domain groups (using the domain as the SystemName), although if the domain is Active Directory the LDAP provider returns far more information.
The function can be copied into the prompt as is, or made into a script by dropping the opening “Function …” and closing }.
Once it’s there, you can see usage with:
Get-Help Get-LocalGroupMember Get-Help Get-LocalGroupMember -Full Get-Help Get-LocalGroupMember -Examples
And the function itself:
Function Get-LocalGroupMember {
<#
.Synopsis
This function returns members of a local group, by default the
Administrators group.
.Description
Get-LocalGroupMember returns the members of a local group,
including all properties exposed by the WinNT provider. Complex
properties are returned in their raw form, additional work is needed
to make sense of many.
.Parameter SystemName
The name of the system to execute against. By default, the function
uses the local system.
.Parameter Name
The group name to extract membership from. By default, the function
uses Administrators.
.Parameter Properties
A list of properties to return. Refer to the default value for a list of
permissible properties.
.Example
Get-LocalGroupMember | Select-Object SystemName, Name, Class, Description
Return members of the administrator group on the local computer.
.Example
Get-Content ServerList.txt | ForEach-Object { Get-LocalGroupMember $_ }
Return members of the administrator group all computers names in
a text file.
.Example
Get-QADComputer -OperatingSystem "Windows 7*" | Get-LocalGroupMember
Return members of the administrator group for all computers running
Windows 7 in Active Directory
#>
Param(
[Parameter(ValueFromPipelineByPropertyName = $True)]
[Alias("DnsHostName")]
[String]$SystemName = $Env:ComputerName,
[Alias("Group")]
[String]$Name = "Administrators",
[String[]]$Properties = @(
"AccountDisabled", "AccountExpirationDate", "AdsPath",
"BadLoginAddress", "BadLoginCount", "Class", "Department",
"Description", "Division", "EmailAddress", "EmployeeID",
"FaxNumber", "FirstName", "FullName", "GraceLoginsAllowed",
"GraceLoginsRemaining", "GUID", "HomeDirectory", "HomePage",
"IsAccountLocked", "Languages", "LastFailedLogin", "LastLogin",
"LastLogoff", "LastName", "LoginHours", "LoginScript", "LoginWorkstations",
"Manager", "MaxLogins", "MaxStorage", "Name", "NamePrefix",
"NameSuffix", "OfficeLocations", "OtherName", "Parent",
"PasswordExpirationDate", "PasswordLastChanged", "PasswordMinimumLength",
"PasswordRequired", "Picture", "PostalAddresses", "PostalCodes", "Profile",
"RequireUniquePassword", "Schema", "SeeAlso", "TelephoneHome",
"TelephoneMobile", "TelephoneNumber", "TelephonePager", "Title")
)
Process {
$Select = $Properties | ForEach-Object {
Invoke-Expression "@{n='$_';e={
`$_.GetType().InvokeMember('$_', 'GetProperty', `$Null, `$_, `$Null) }}"
}
([ADSI]"WinNT://$SystemName/$Name").Members() |
Select-Object ([Array](@{n='SystemName';e={ $SystemName }}) + $Select)
}
}
No related posts.
Related posts brought to you by Yet Another Related Posts Plugin.
Comments
Chris
Thanks for posting this. I was just working on something very similar but yours is much better as usual.
One thing I had to change to get the Quest tools to work through the pipeline is the $ComputerName variable. It would always try to pull over the computername attribute which is COMPUTER$ and was not able to get the path to the computer. Not sure if it was something i am doing wrong. When I used this line it worked before changing the variable name.
get-qadcomputer Computername | Select dnshostname | Get-LocalGroupMember
Thanks again for this and everything else you post. Everyday I learn more about powershell from your posts here and on EE.
Ah yes, I didn’t actually test the feed from Quest, I should have remembered the Computer parameter. I’ll fix that up tomorrow when I have AD to work with again :)
Chris
Pipelining from Get-QADComputer is fixed.
Post a Comment