Get local groups and their members with PowerShell

The Active Directory Module for PowerShell is great. You can do almost anything with it, but every now and then you might need to list the local groups and their members on a server/client, and that is harder…

To achieve this I wrote a couple of advanced functions to simplify the task. “Get-LocalGroup” and “Get-LocalGroupMember”.

The usage should be pretty simple, but to give you an idea:

PS H:\> Get-LocalGroup

ComputerName GroupName                                   SID
------------ ---------                                   ---
MyMachine    Administrators                              S-1-5-32-544
MyMachine    Backup Operators                            S-1-5-32-551
MyMachine    Cryptographic Operators                     S-1-5-32-569
MyMachine    Distributed COM Users                       S-1-5-32-562
MyMachine    Event Log Readers                           S-1-5-32-573
MyMachine    Guests                                      S-1-5-32-546
MyMachine    IIS_IUSRS                                   S-1-5-32-568
MyMachine    Network Configuration Operators             S-1-5-32-556
MyMachine    Performance Log Users                       S-1-5-32-559
MyMachine    Performance Monitor Users                   S-1-5-32-558
MyMachine    Power Users                                 S-1-5-32-547
MyMachine    Remote Desktop Users                        S-1-5-32-555
MyMachine    Replicator                                  S-1-5-32-552
MyMachine    Users                                       S-1-5-32-545


PS H:\> Get-LocalGroup | where GroupName -eq Administrators | Get-LocalGroupMember

Domain    GroupName      Type  Name
------    ---------      ----  ----
MyMachine Administrators User  Administrator
MyDomain  Administrators Group Domain Admins
MyDomain  Administrators Group TheAdmins

The code is available here.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.