locked
Exporting local account and group memberships of remote servers RRS feed

  • Question

  • Hi,

    I have found that we can export local account and group membership information of remote servers using ADSI or WMI (Get-WmiObject) + PSRemoting.

    What are the advantages and disadvantages of these two approaches? Which is recommended?

    Do both work for Domain and Workgroup? 

    Any difference in scope covered by ADSI (Servers part of that domain only?)

    Friday, October 26, 2018 6:52 PM

All replies

  • The answer depends on what you want to export and why. As asked there is no specific answer to your question.

    \_(ツ)_/

    Friday, October 26, 2018 8:41 PM
  • Thank you for the response.

    We are looking for exporting local users and their group memberships.

    Reason is - this information will be fed to Identity and Access management product that initiates reviews by admins and access revocations if those privileges are not as needed / not as per policy etc.

    Saturday, October 27, 2018 3:53 AM
  • I see no difference between the two methods for you intended purpose.  Use either method that suits you.  There are no advantages or disadvantages with local accounts.  Domain accounts would provide a disadvantage as WMI does not make it as easy as ADSI.


    \_(ツ)_/


    • Edited by jrv Saturday, October 27, 2018 3:58 AM
    Saturday, October 27, 2018 3:56 AM
  • Thank you.

    One more question - Is the PSRemoting good approach to execute remove group membership operations for local accounts on a set of remote servers? Or are there any better ways to do it?

    Thanks in advance.

    Saturday, October 27, 2018 4:11 AM
  • Neither method requires PsRemoting.

    I recommend learning at least the minimum about PowerShell before pursuing solutions. So far you questions are unnecessary.  Either learn PS or contact someone who is trained and experienced in this.

    Any compliance tool that is useable can gather all of this information without needing any external help.  You need to either get a better tool or ask the vendor why you need to do this manually.


    \_(ツ)_/

    Saturday, October 27, 2018 4:16 AM