none
Get local admin group membership on remote servers

    Question

  • I am trying to write a script that will get local administrators group membership. I have written this and keep coming up with the following error. Please help.

    Thanks

    $servers= get-content 'c:\input\test.txt'
    $output = 'c:\output\test.csv' 
    $results = @()
    foreach($server in $servers)
    {$admins = @()$group =[ADSI]"WinNT://$server/Administrators" 
    $members = @($group.psbase.Invoke("Members"))
    $members | foreach {
     $obj = new-object psobject -Property @{
     Server = $Server
     Admin = $_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)
     }
     $admins += $obj
     } 
    $results += $admins
    }
    $results| Export-csv $Output -NoTypeInformation


    Thanks for your help

    Tuesday, October 15, 2013 7:59 PM

Answers

All replies

  • The following errors are coming up

    Exception calling "Invoke" with "2" argument(s): "The network path was not found.

    "

    At line:9 char:14

    + $members = @($group.psbase.Invoke("Members"))

    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo : NotSpecified: (:) [], MethodInvocationException

    + FullyQualifiedErrorId : DotNetMethodException

    Exception calling "Invoke" with "2" argument(s): "The network path was not found.

    "

    At line:9 char:14

    + $members = @($group.psbase.Invoke("Members"))

    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo : NotSpecified: (:) [], MethodInvocationException

    + FullyQualifiedErrorId : DotNetMethodException

    Exception calling "Invoke" with "2" argument(s): "The network path was not found.

    "

    At line:9 char:14

    + $members = @($group.psbase.Invoke("Members"))

    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo : NotSpecified: (:) [], MethodInvocationException

    + FullyQualifiedErrorId : DotNetMethodException

    Exception calling "Invoke" with "2" argument(s): "The network path was not found.

    "

    At line:9 char:14

    + $members = @($group.psbase.Invoke("Members"))

    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo : NotSpecified: (:) [], MethodInvocationException

    + FullyQualifiedErrorId : DotNetMethodException


    Thanks for your help

    Tuesday, October 15, 2013 8:00 PM
  • Hi,

    Try removing the @() before $group and around $group.psbase.Invoke("Members").


    Don't retire TechNet! - (Maybe there's still a chance for hope, over 12,110+ strong and growing)

    Tuesday, October 15, 2013 8:03 PM
    Moderator
  • copy and paste screwed up on me. This is the code i have and it is giving me the errors above. Sorry

    $servers= get-content 'c:\test\computers.txt'
    $output = 'c:\test\test.csv' 
    $results = @()
    foreach($server in $servers)
    {
    $admins = @()
    $group =[ADSI]"WinNT://$server/Administrators" 
    $members = @($group.psbase.Invoke("Members"))
    $members | foreach {
     $obj = new-object psobject -Property @{
     Server = $Server
     Admin = $_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)
     }
     $admins += $obj
     } 
    $results += $admins
    }
    $results| Export-csv $Output -NoTypeInformation


    Thanks for your help

    Tuesday, October 15, 2013 8:19 PM
  • Hi,

    My second suggestion still holds, try removing @() from $group.psbase.Invoke("Members").

    EDIT: Also, I'd suggest removing the loop and making sure you have a working script that will do what you're after on a single machine. Once you've got that in place, adding the loop back in should be pretty easy.


    Don't retire TechNet! - (Maybe there's still a chance for hope, over 12,110+ strong and growing)


    Tuesday, October 15, 2013 8:21 PM
    Moderator
  • Still same error. Here are the code changes i made

    Exception calling "Invoke" with "2" argument(s): "The network path was not found.

    "

    At C:\Users\jthomas99\Desktop\GetLocalAdminGroups.ps1:9 char:1

    + $members = $group.psbase.Invoke("Members")

    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    + CategoryInfo : NotSpecified: (:) [], MethodInvocationException

    + FullyQualifiedErrorId : DotNetMethodException

    $servers= get-content 'c:\test\computers.txt'
    $output = 'c:\test\test.csv' 
    $results = @()
    foreach($server in $servers)
    {
    $admins = @()
    $group =[ADSI]"WinNT://$server/Administrators" 
    $members = $group.psbase.Invoke("Members")
    $members | foreach {
     $obj = new-object psobject -Property @{
     Server = $Server
     Admin = $_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)
     }
     $admins += $obj
     } 
    $results += $admins
    }
    $results| Export-csv $Output -NoTypeInformation


    Thanks for your help

    Tuesday, October 15, 2013 8:27 PM
  • Does $group actually get populated? I think you need to add ,group after Administrators.

    Don't retire TechNet! - (Maybe there's still a chance for hope, over 12,110+ strong and growing)

    Tuesday, October 15, 2013 8:34 PM
    Moderator
  • I tried adding group after administrators with the same result as above. As far as i can tell members is not getting populated at this time.


    Thanks for your help

    Tuesday, October 15, 2013 8:42 PM
  • You have it set like this?

    $group =[ADSI]"WinNT://$server/Administrators,group" 

    Try running that by itself (manually set a servername from your list as $server) and then see what your output is when typing $group.

    EDIT: Have you come across this yet? http://powershell.com/cs/media/p/3215.aspx


    Don't retire TechNet! - (Maybe there's still a chance for hope, over 12,110+ strong and growing)


    Tuesday, October 15, 2013 8:44 PM
    Moderator
  • correct

    $group =[ADSI]"WinNT://$server/Administrators,group"

    format-default : The following exception occurred while retrieving member "distinguishedName": "Access is denied.

    "

    + CategoryInfo : NotSpecified: (:) [format-default], ExtendedTypeSystemException

    + FullyQualifiedErrorId : CatchFromBaseGetMember,Microsoft.PowerShell.Commands.FormatDefaultCommand



    Thanks for your help


    • Edited by jthomas777 Tuesday, October 15, 2013 8:51 PM
    Tuesday, October 15, 2013 8:47 PM
  • i dont understand the access denied as i am a domain admin


    Thanks for your help

    • Proposed as answer by NCSurfer Tuesday, March 27, 2018 5:21 PM
    • Unproposed as answer by NCSurfer Tuesday, March 27, 2018 5:21 PM
    Tuesday, October 15, 2013 8:52 PM
  • I know this is an old thread but I have run into the same issue recently when attempting to query a few 2016 Servers that were not part of the domain running the script.  I had to implement the following code to bypass the issue as there seems to be a bug when calling $adminGroup.psbase.Invoke('Members').  No data is returned when I make the request but as long as I make the request before making the fresh request in the if statment data will be returned by the second command.

    $adminGroup = ([ADSI]"WinNT://$strComputer/Administrators,group")
    $adminGroup.psbase.Username = $cred.UserName
    $adminGroup.psbase.Password = $cred.GetNetworkCredential().Password
    $members = $adminGroup.psbase.Invoke('Members')
    If($members.Length -le 0){
        $members = ([ADSI]"WinNT://$strComputer/Administrators,group").psbase.Invoke('Members') 
    }

    Now here is where it gets really weird.  The script below works for all servers with 2003+ Server(except 2016) based OS systems in my environment and will return data.  The script above works for all systems as well but all servers seem to venture into the if statement as the $adminGroup.psbase.Invoke('Members') does not return any data when the username and password are specified.

    $adminGroup = ([ADSI]"WinNT://$strComputer/Administrators,group")
    $members = $adminGroup.psbase.Invoke('Members')

    Tuesday, March 27, 2018 7:54 PM