0

I am trying to run the below mentioned command in Server 2012 & it's pulling users from Administrators user group. But in Server 2008R2, it's pulling from entire domain 

Get-WmiObject -Class Win32_GroupUser `
| where{$_.GroupComponent -like "*Administrators*"} `
|foreach { 
$data = $_.PartComponent -split "\," 
$data[1].Remove(0,5).Replace('"','') 
}
ekad
  • 14,436
  • 26
  • 44
  • 46
V T
  • 47
  • 10

1 Answers1

0

As you have guessed the issue is that win2008R2 has only PS 2.0.x. I think this command where{$_.GroupComponent -like "*Administrators*"} is not available at that version so it queries the whole AD as a fallback (that is a guess).

From your description I did not understand if you want to query local server or domain so I will enter both (all are functional on win2008R2 (PS version 2.0.50727)):

To query local admins and 

#get servers by AD OU
If (!(Get-Module ActiveDirectory)) {
    Import-Module ActiveDirectory
}
function get-localadmins{
  [cmdletbinding()]
  Param(
  [string]$server
  )
  $group = get-wmiobject win32_group -ComputerName $server -Filter "LocalAccount=True AND SID='S-1-5-32-544'"
  $query = "GroupComponent = `"Win32_Group.Domain='$($group.domain)'`,Name='$($group.name)'`""
  $list = Get-WmiObject win32_groupuser -ComputerName $server -Filter $query
  $list | %{$_.PartComponent} | % {$_.substring($_.lastindexof("Domain=") + 7).replace("`",Name=`"","\")}
}

get-localadmins 'your_server_name'

If your goal is to query the whole AD then you can use:

On windows 2008 R2 SP1 it can produce an error: System.DirectoryServices.AccountManagement.PrincipalOperationException: An error (1301) occurred while enumerating the groups. The group's SID could not be resolved.

You have to install a hotfix by Microsoft at: https://support.microsoft.com/en-us/help/2830145/sid-s-1-18-1-and-sid-s-1-18-2-cannot-be-mapped-on-windows-based-computers-in-a-domain-environment?wa=wsignin1.0%3Fwa%3Dwsignin1.0

The following code was taken from here: https://stackoverflow.com/a/8057025/6059896 (all credit to the author) - only changed the names of variables to fig my coding style.

$Recurse = $true

Add-Type -AssemblyName System.DirectoryServices.AccountManagement
$context_type = [System.DirectoryServices.AccountManagement.ContextType]::Domain
$group_principal_identity=[System.DirectoryServices.AccountManagement.GroupPrincipal]::FindByIdentity($ct,'Administrators')
$group.GetMembers($Recurse)
tukan
  • 17,050
  • 1
  • 20
  • 48