
I need a script to get local and AD users having admin rights on a server >= Win 2008r2
The output should be something like:

type   username
----   ----------------
local  administrator
AD     zakkojo
...

I can get local administrators members with
PowerShell:

PS>Get-LocalGroupMember

ObjectClass Name                      PrincipalSource
----------- ----                      ---------------
User        DOMAIN\bak.windows        ActiveDirectory
Group       DOMAIN\Domain Admins      ActiveDirectory
Group       DOMAIN\ad_ops             ActiveDirectory
User        SERVENAME\Administrator   Local

(win2008r2 and 2012 have no principalsource attribute)

or using batch with "net localgroup administrators"

But how can I get users in nested groups?

Zakkojo
  • `Get-LocalGroup | Get-LocalGroupMember | ForEach-Object { $_; if ( $_.ObjectClass -eq 'Group' ) { $_.SID | Get-LocalGroupMember -ErrorAction SilentlyContinue; } }` gives raw output with duplicities… – JosefZ May 13 '20 at 19:23
  • thx @JosefZ for your suggestion, but what I need to obtain is a list of users (local or from AD) that can access the machine with admin rights. – Zakkojo May 14 '20 at 14:24
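
An added example, not code from this thread: one way to audit who effectively holds local admin rights by expanding the AD groups in the local Administrators group recursively and de-duplicating by SID. It assumes the `Get-LocalGroupMember` cmdlet shown in the question, the ActiveDirectory (RSAT) module for `Get-ADGroupMember`, and a single domain; the function name `Get-EffectiveLocalAdmin` is hypothetical.

```powershell
# Added example. Requires the LocalAccounts cmdlets and the ActiveDirectory module.
Import-Module ActiveDirectory

function Get-EffectiveLocalAdmin {
    $seen = @{}   # SID -> $true, so a user reachable through several groups is listed once

    # S-1-5-32-544 is the well-known SID of BUILTIN\Administrators (independent of OS language).
    foreach ($m in Get-LocalGroupMember -SID 'S-1-5-32-544') {
        # PrincipalSource is not always present (see the question), so classify by name prefix.
        $isLocal = $m.Name -like "$env:COMPUTERNAME\*"

        if ($m.ObjectClass -ne 'Group') {
            # Direct member: a local account or a single AD user.
            $found = @([pscustomobject]@{
                Type = if ($isLocal) { 'local' } else { 'AD' }
                Sid  = $m.SID.Value; Name = $m.Name; Via = 'direct' })
        }
        else {
            try {
                # -Recursive returns the leaf members of all nested groups.
                $found = @(Get-ADGroupMember -Identity $m.SID.Value -Recursive -ErrorAction Stop |
                    Where-Object { $_.objectClass -eq 'user' } |
                    ForEach-Object {
                        [pscustomobject]@{ Type = 'AD'; Sid = $_.SID.Value
                                           Name = $_.SamAccountName; Via = $m.Name }
                    })
            }
            catch {
                # Group could not be expanded in AD: keep it visible instead of dropping it.
                $found = @([pscustomobject]@{ Type = 'group'; Sid = $m.SID.Value
                                              Name = $m.Name; Via = 'not expanded' })
            }
        }

        foreach ($f in $found) {
            if ($seen.ContainsKey($f.Sid)) { continue }
            $seen[$f.Sid] = $true
            [pscustomobject]@{ type = $f.Type; username = $f.Name; via = $f.Via }
        }
    }
}

Get-EffectiveLocalAdmin | Sort-Object type, username | Format-Table -AutoSize
```

The `via` column records which Administrators member granted the right, which is what you need when deciding which group membership to remove.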

0 Answers