Running powershell script in different OS

  • Question

  • Hi there...I am trying to run the below mentioned command in Server 2012 & it's pulling users from Administrators user group. But in Server 2008R2, it's pulling from entire domain...
    Get-WmiObject -Class Win32_GroupUser `
    | where{$_.GroupComponent -like "*Administrators*"} `
    |foreach { 
    $data = $_.PartComponent -split "\," 
    $data[1].Remove(0,5).Replace('"','') 
    } 
    Can you pls let me know what needs to be changed...?

    VT

    Tuesday, June 13, 2017 4:01 PM

All replies

  • If you run  that script on a DC you will get the whole domain.  Don't run on a DC.

    \_(ツ)_/

    Tuesday, June 13, 2017 6:29 PM
  • Thanks for your reply JRV...I didn't run it on a DC, but on a Windows Server 2008 R2 client connected to the domain...But it's working fine on a 2012 client that's connected to the domain.

    VT

    Tuesday, June 13, 2017 6:54 PM
  • This is easier and works for me on WS2008r2 and WS2012r2

    Get-WmiObject -Class Win32_Group -Filter 'Name = "administrators"'|
         %{$_.GetRelated('Win32_UserAccount')}


    \_(ツ)_/

    Tuesday, June 13, 2017 7:46 PM
  • Hi,

    The following script works well:

    https://gallery.technet.microsoft.com/scriptcenter/List-local-group-members-762b48c5

    Best regards,

    Andy



    Wednesday, June 14, 2017 9:31 AM
  • This is easier and works for me on WS2008r2 and WS2012r2

    Get-WmiObject -Class Win32_Group -Filter 'Name = "administrators"'|
         %{$_.GetRelated('Win32_UserAccount')}


    \_(ツ)_/

    Thanks JRV...I tried the script you mentioned, but I am getting just the domain user names and not the domain groups added in the local administrators group in a particular server...Can you pls let me know if we can get output of that domain group added as well. 

    VT

    Wednesday, June 14, 2017 6:07 PM
  • You cannot remotely see domain accounts with WMI due to second hop restrictions.

    Look in the Gallery for scripts that use ADSI for this.


    \_(ツ)_/

    • Marked as answer by mywindows Tuesday, June 20, 2017 7:40 PM
    Wednesday, June 14, 2017 6:39 PM
  • Thanks JRV, I am trying the ADSI script, I think it will work...I will update with the one that worked... Thanks to Andy_Pan for the link reference. I think that function needs to be executed in all servers that we need to use, right, in order for the function to take effect, pls comment if there are other ways to do that.

    Hence using the ADSI option...


    VT

    Wednesday, June 14, 2017 8:33 PM
  • ADSI can be executed remotely by adding the server in the WinNT path.


    \_(ツ)_/

    • Marked as answer by mywindows Tuesday, June 20, 2017 7:40 PM
    Wednesday, June 14, 2017 9:02 PM
  • ADSI can be executed remotely by adding the server in the WinNT path.


    \_(ツ)_/

    Thanks JRV...

    VT

    Tuesday, June 20, 2017 7:38 PM
  • This script helped...FYI...
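    # $Servers must already hold the name of the target computer
    $localgroup = "Administrators"
    # Bind to the local group on that computer through the WinNT provider
    $Group = [ADSI]"WinNT://$Servers/$localgroup,group"
    $members = $Group.psbase.Invoke("Members")
    # Each member is a COM object, so read its Name property via reflection
    $members | ForEach-Object { $_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null) }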


    VT

    • Marked as answer by mywindows Tuesday, June 20, 2017 7:40 PM
    Tuesday, June 20, 2017 7:39 PM
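
The ADSI approach from the thread, extended as an added example (not code from any poster) so that an audit of several servers shows whether each member of the local group is a user or a group and where it comes from. The function name `Get-LocalGroupMemberAdsi` and the `IsLocal` heuristic are assumptions of this example; it expects NetBIOS computer names.

```powershell
# Added example: hypothetical helper, not from the thread.
function Get-LocalGroupMemberAdsi {
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [string]$GroupName = 'Administrators'
    )
    foreach ($computer in $ComputerName) {
        try {
            # Putting the server in the WinNT path makes ADSI query it remotely.
            $group   = [ADSI]"WinNT://$computer/$GroupName,group"
            # The bind is lazy, so an unreachable host or missing group fails here.
            $members = @($group.psbase.Invoke('Members'))
        } catch {
            Write-Warning "${computer}: $($_.Exception.Message)"
            continue
        }
        foreach ($m in $members) {
            # Members are COM objects; read IADs properties via reflection.
            $t     = $m.GetType()
            $name  = $t.InvokeMember('Name',    'GetProperty', $null, $m, $null)
            $class = $t.InvokeMember('Class',   'GetProperty', $null, $m, $null)
            $path  = $t.InvokeMember('ADsPath', 'GetProperty', $null, $m, $null)
            [pscustomobject]@{
                Computer = $computer
                Group    = $GroupName
                Name     = $name
                Class    = $class   # 'User' or 'Group', so nested domain groups are visible
                # Heuristic (assumption): local accounts carry the computer name
                # as a path segment, e.g. WinNT://DOMAIN/SERVER01/Administrator.
                IsLocal  = $path -match ('/' + [regex]::Escape($computer) + '/')
                ADsPath  = $path
            }
        }
    }
}

# Runs against the local machine; pass a list of server names to audit more.
Get-LocalGroupMemberAdsi -ComputerName $env:COMPUTERNAME |
    Sort-Object Computer, Class, Name |
    Format-Table Computer, Name, Class, IsLocal -AutoSize
```

Rows with `Class` equal to `Group` and `IsLocal` equal to `False` are the domain groups nested in the local group, which is the output the WMI `Win32_UserAccount` query did not return.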