One day my boss asked me to provide the list of local group members from more than 1000 servers within 2 hrs. Not sure if he was taking revenge on me, but I was well versed with Google (my solution to every problem) and I got to know about the "Get-LocalGroupMember" command. Today I am going to share how I created the script, with step-by-step details.
All about Get-LocalGroupMember
Get-LocalGroupMember is used to get the list of group members from a given group. Below is the syntax used for Get-LocalGroupMember.
Get-LocalGroupMember [[-Member] <String>] [-Name] <String> [<CommonParameters>]
Below is the example:
PS C:\Users\dhrub> Get-LocalGroupMember -Group "Administrators"

ObjectClass Name                 PrincipalSource
----------- ----                 ---------------
User        TestPc\Administrator Local
User        TestPc\dhrub         MicrosoftAccount

In the above example, we are fetching the users inside the Administrators group, which is quite self-explanatory.
Getting Local Admin list from multiple servers using Get-LocalGroupMember
In this section I will guide you step by step through how I reached my goal of extracting the list of local admins from multiple servers.
Step #1
$a= Get-Content -path C:\servers.txt
## Reading the servers list from the text file using Get-Content ##
Step #2
foreach($b in $a){
#statement1
#statement2
#statement3
}
If you want to run scripts on multiple servers, foreach loops are always required. This script uses one as well.
Step #3
Invoke-Command -ComputerName $b -HideComputerName -scriptblock {}
Invoke-Command usually creates a PSSession on the remote server so that we can execute a set of commands remotely.
Step #4
$member= 'Administrators'
Get-LocalGroupMember -name $member}|`
Select * -ExcludeProperty RunspaceId | `
select @{n="Computer";e="PScomputerName"},Name,PrincipalSource |`
export-csv C:\try3.csv -NoTypeInformation -Append
I have created a variable $member and assigned it the value 'Administrators'; you can assign any local group name to $member.
@{n="Computer";e="PScomputerName"} alters the output: it renames the PSComputerName column to just Computer.
Export-Csv writes the output to a file in .csv format.
-Append adds each server's results to the CSV. It is required because without it every pass of the loop overwrites the file, so the CSV would contain only the output from the last server in the list.
Step #5
# Read the server list from the text file
$a = Get-Content -Path C:\servers.txt
foreach ($b in $a) {
    # Query the Administrators group on the remote server, drop RunspaceId,
    # rename PSComputerName to Computer, and append the rows to the CSV
    Invoke-Command -ComputerName $b -HideComputerName -ScriptBlock {
        $member = 'Administrators'
        Get-LocalGroupMember -Name $member
    } |
        Select-Object * -ExcludeProperty RunspaceId |
        Select-Object @{n="Computer";e="PScomputerName"},Name,PrincipalSource |
        Export-Csv C:\try3.csv -NoTypeInformation -Append
}
Above is the final script that I created to resolve the problem; below is the output from the .csv file.
"Computer","Name","PrincipalSource"
"newvm","newvm\administrator1","Local"
"newvm","newvm\administrrator1","Local"
"newvm","TEST\Domain Admins","ActiveDirectory"
"newvm","TEST\test30","ActiveDirectory"
"newvm4","newvm4\administrator1","Local"
"newvm4","newvm4\administrrator1","Local"
"newvm4","TEST\Domain Admins","ActiveDirectory"
"newvm4","TEST\test30","ActiveDirectory"
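For a local admin audit it also matters which servers never answered, because a missing row can otherwise be mistaken for a clean result. The following is an added example, not the author's script: it goes beyond the loop above by passing the whole server list to Invoke-Command, writing a "no entry" row for an empty group, and listing servers that returned nothing. The output paths and the $retry file are assumptions.

```powershell
# Added example, not the author's script. File paths are assumptions.
$servers = Get-Content -Path 'C:\servers.txt' |
    ForEach-Object { $_.Trim() } | Where-Object { $_ }   # trim names, skip blank lines
$group   = 'Administrators'
$outCsv  = 'C:\localadmins.csv'         # hypothetical output file
$retry   = 'C:\localadmins-retry.txt'   # hypothetical list of servers with no answer

# Passing the whole list to -ComputerName lets Invoke-Command query servers in
# parallel instead of one at a time. Errors are collected in $failed, not shown.
$results = Invoke-Command -ComputerName $servers -ErrorAction SilentlyContinue `
    -ErrorVariable failed -ScriptBlock {
        $members = @(Get-LocalGroupMember -Name $using:group -ErrorAction Stop)
        if ($members.Count -eq 0) {
            # Placeholder row: an empty group is not the same as an unreachable server.
            [pscustomobject]@{ Name = 'no entry'; ObjectClass = ''; PrincipalSource = '' }
        }
        foreach ($m in $members) {
            [pscustomobject]@{
                Name            = $m.Name
                ObjectClass     = $m.ObjectClass
                PrincipalSource = [string]$m.PrincipalSource  # enum to text before serialization
            }
        }
    }

# One write at the end, so -Append is not needed and reruns do not duplicate rows.
$results |
    Select-Object @{n = 'Computer'; e = { $_.PSComputerName }}, Name, ObjectClass, PrincipalSource |
    Export-Csv -Path $outCsv -NoTypeInformation

# Servers that returned no rows were unreachable or failed the query.
$answered = @($results | ForEach-Object { $_.PSComputerName } | Sort-Object -Unique)
$missing  = @($servers | Where-Object { $_ -notin $answered })
$missing | Set-Content -Path $retry
Write-Host "$($answered.Count) servers answered, $($missing.Count) need a retry ($($failed.Count) errors)"
```

The retry file can be fed back in as the server list once connectivity or WinRM issues on those hosts are resolved.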
Conclusion
This small script helped me a lot and saved my day. Now my boss is happy with me and I think he will be giving me more work in the future, but I will share everything with you without remorse. If you like the post, please recommend our page on Facebook and leave a reply so that I can create more topics in the future. Also, let me know if you want to check out the video of this script.
This is a great script. I have managed to change it for what I need it for. I am just trying to work with this script and add "no entry" or "blank" if there are no members. Any ideas on how?
Perhaps you can use an if-else statement to achieve that.