2

In attempting to answer this question I came up against something that has bugged me for a while, and that I have not been able to find an answer for.

The following script block will list the names of all members of the local administrators group.

$group = [ADSI]"WinNT://./Administrators"
@($group.Invoke("Members")) | foreach {$_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)}

However it will list only the names, and no other properties.

I'm fairly sure that there are other properties of Members that I could extract but I don't understand how I would go about identifying what those other properties are.

I don't necessarily need to know the additional properties of that item, this is more a question of how I would go about finding them.

(I apologise if this is all a bit vague, I'm very much self-taught at all of this and I'm well aware that I might be barking up the wrong tree and/or making regular horrible mistakes.)

Patrick

3 Answers

2

The problem is that you are dealing with a COM object, and these objects do not seem to provide a way to show you all in PowerShell.

You can also take a look at a similar question on a different (C#) thread here: https://stackoverflow.com/questions/10615019/get-property-names-via-reflection-of-an-com-object

Adil Hindistan
1

Please see available properties here:

http://msdn.microsoft.com/en-us/library/aa705950(v=VS.85).aspx

and a similar example to your question:

http://social.technet.microsoft.com/Forums/windowsserver/en-US/b4d51781-e304-45b1-a7b1-c21b62263540/adsi-local-group-enum-from-fancy-powershell-to-simple-foreach-rewrite?forum=winserverpowershell

Since you are already getting a list of members' names for the group, to get the details of the members I would just requery again, except against the individual user instead of the group.

PS C:\> $group = [ADSI]"WinNT://./administrators"
PS C:\> $members = $group.Invoke("Members") | %  {$_.GetType().InvokeMember("name", 'GetProperty', $null, $_, $null) }
PS C:\> $membersObjects = @() ; $members | % { $membersObjects += [ADSI]"WinNT://./$_" }
PS C:\> $membersObjects | gm

   TypeName: System.DirectoryServices.DirectoryEntry

Name                        MemberType Definition
----                        ---------- ----------
ConvertDNWithBinaryToString CodeMethod static string ConvertDNWithBinaryToString(psobject deInstance, psobject dnWithBinaryInstance)
ConvertLargeIntegerToInt64  CodeMethod static long ConvertLargeIntegerToInt64(psobject deInstance, psobject largeIntegerInstance)
AutoUnlockInterval          Property   System.DirectoryServices.PropertyValueCollection AutoUnlockInterval {get;set;}
BadPasswordAttempts         Property   System.DirectoryServices.PropertyValueCollection BadPasswordAttempts {get;set;}
Description                 Property   System.DirectoryServices.PropertyValueCollection Description {get;set;}
FullName                    Property   System.DirectoryServices.PropertyValueCollection FullName {get;set;}
HomeDirDrive                Property   System.DirectoryServices.PropertyValueCollection HomeDirDrive {get;set;}
HomeDirectory               Property   System.DirectoryServices.PropertyValueCollection HomeDirectory {get;set;}
LastLogin                   Property   System.DirectoryServices.PropertyValueCollection LastLogin {get;set;}
LockoutObservationInterval  Property   System.DirectoryServices.PropertyValueCollection LockoutObservationInterval {get;set;}
LoginHours                  Property   System.DirectoryServices.PropertyValueCollection LoginHours {get;set;}
LoginScript                 Property   System.DirectoryServices.PropertyValueCollection LoginScript {get;set;}
MaxBadPasswordsAllowed      Property   System.DirectoryServices.PropertyValueCollection MaxBadPasswordsAllowed {get;set;}
MaxPasswordAge              Property   System.DirectoryServices.PropertyValueCollection MaxPasswordAge {get;set;}
MaxStorage                  Property   System.DirectoryServices.PropertyValueCollection MaxStorage {get;set;}
MinPasswordAge              Property   System.DirectoryServices.PropertyValueCollection MinPasswordAge {get;set;}
MinPasswordLength           Property   System.DirectoryServices.PropertyValueCollection MinPasswordLength {get;set;}
Name                        Property   System.DirectoryServices.PropertyValueCollection Name {get;set;}
objectSid                   Property   System.DirectoryServices.PropertyValueCollection objectSid {get;set;}
Parameters                  Property   System.DirectoryServices.PropertyValueCollection Parameters {get;set;}
PasswordAge                 Property   System.DirectoryServices.PropertyValueCollection PasswordAge {get;set;}
PasswordExpired             Property   System.DirectoryServices.PropertyValueCollection PasswordExpired {get;set;}
PasswordHistoryLength       Property   System.DirectoryServices.PropertyValueCollection PasswordHistoryLength {get;set;}
PrimaryGroupID              Property   System.DirectoryServices.PropertyValueCollection PrimaryGroupID {get;set;}
Profile                     Property   System.DirectoryServices.PropertyValueCollection Profile {get;set;}
UserFlags                   Property   System.DirectoryServices.PropertyValueCollection UserFlags {get;set;}

Jacob
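
An added example, not code from any of the answers on this page: it extends the requery approach above for reviewing who holds local administrator rights. It reads Name, Class and ADsPath from each raw COM member, then rebinds by ADsPath rather than by "WinNT://./name", so domain accounts and nested groups are not looked up as local accounts. Get-ComProperty is a hypothetical helper name, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: audit the members of the local Administrators group via WinNT.
# Get-ComProperty is a hypothetical helper name, not a built-in cmdlet.
function Get-ComProperty {
    param($ComObject, [string]$Name)
    # Late-bound read of a single property from the raw COM member object.
    $ComObject.GetType().InvokeMember($Name, 'GetProperty', $null, $ComObject, $null)
}

$group = [ADSI]"WinNT://./Administrators,group"

$report = foreach ($member in @($group.Invoke("Members"))) {
    # Name, Class and ADsPath are core IADs properties, readable without rebinding.
    $name  = Get-ComProperty $member 'Name'
    $class = Get-ComProperty $member 'Class'     # User or Group
    $path  = Get-ComProperty $member 'ADsPath'   # full provider path of the member

    $sid = $null; $props = @(); $bindError = $null
    try {
        # Bind by the full path so the lookup goes to the account's own domain.
        $entry = [ADSI]$path
        # Get-Member lists whatever properties the provider exposes for this class.
        $props = @($entry | Get-Member -MemberType Property -ErrorAction Stop |
                   Select-Object -ExpandProperty Name)
        $bytes = $entry.objectSid.Value
        if ($bytes) {
            $sid = (New-Object System.Security.Principal.SecurityIdentifier($bytes, 0)).Value
        }
    } catch {
        # Unreachable domain or an entry that no longer resolves:
        # keep the row in the report and record why the bind failed.
        $bindError = $_.Exception.Message
    }

    [pscustomobject]@{
        Name       = $name
        Class      = $class
        ADsPath    = $path
        Sid        = $sid
        Properties = $props -join ','
        BindError  = $bindError
    }
}

$report | Sort-Object Class, Name |
    Format-Table Name, Class, Sid, ADsPath, BindError -AutoSize
```

Rows with a BindError are still worth reviewing: they are members of the group whose details could not be read from this machine.
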
1

Expanding on @Jacob's idea. When you enumerate the members of the group, only string objects are being returned, not AD user objects. Therefore, the only properties available are string properties (i.e. length, etc.). You need to query AD again using the name as the -identity parameter to retrieve the user properties.

In AD you could do something like this:

$(get-adgroup "administrators" -Properties members).members|foreach {get-aduser -identity $_}

I can't speak for the code for WinNT.

uSlackr