I am in a multilanguage client environment. The local administrators are "Administratoren", "Administrators", "Administradores", "Administrateurs" and so on. This works to get the group members using Invoke-Expression:
PS C:\> Get-LocalGroupMember -SID "S-1-5-32-544"
ObjectClass Name                 PrincipalSource
----------- ----                 ---------------
Benutzer    PC-JOU\Administrator Local
Benutzer    PC-JOU\Jou           Local
Working example using the normal group name, for example on a German client WITHOUT needing Invoke-*:
PS C:\> $ADSI = [ADSI]"WinNT://IP-of-computer/Administratoren"
PS C:\> $ADSI.Invoke("Members") | foreach {$_.GetType().InvokeMember("ADsPath", 'GetProperty', $null, $_, $null)}
WinNT://PC-JOU/Administrator
WinNT://PC-JOU/Jou
But I cannot get this to work with a SID to have this international:
PS C:\> $ADSI = [ADSI]"WinNT://IP-of-computer/S-1-5-32-544"
PS C:\> $ADSI.Invoke("Members") | foreach {$_.GetType().InvokeMember("ADsPath", 'GetProperty', $null, $_, $null)}
Ausnahme beim Abrufen des Elements "Invoke": "Der Gruppenname konnte nicht gefunden werden."
In Zeile:1 Zeichen:1
$ADSI.Invoke("Members") | foreach {$_.GetType().InvokeMember("ADsPath ...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
CategoryInfo : NotSpecified: (:) [], ExtendedTypeSystemException
FullyQualifiedErrorId : CatchFromBaseGetMember
I got as far as seeing the property value of the SID:
PS C:\> $ADSI.objectSid
1
2
0
0
0
0
0
5
32
0
0
0
32
2
0
0
PS C:\> $ADSI.objectSid.GetType()
IsPublic IsSerial Name                    BaseType
-------- -------- ----                    --------
True     False    PropertyValueCollection System.Collections.CollectionBase
Any idea how I can get this to work, using [ADSI] with the SID value of the local admin? It would save me using the Invoke-Expression method.
CodePudding user response:
How about just looking up the group name via the SID first?
$AdminGroupSid = 'S-1-5-32-544'
$AdminGroup = New-Object System.Security.Principal.SecurityIdentifier($AdminGroupSid)
# Translate returns e.g. "VORDEFINIERT\Administratoren"; strip everything up to the backslash
$AdminGroupName = $AdminGroup.Translate([System.Security.Principal.NTAccount]).Value -replace '.+\\'
Now just process your normal code
$ADSI = [ADSI]"WinNT://IP-of-computer/$AdminGroupName"
$ADSI.Invoke("Members") | ForEach-Object {
    $_.GetType().InvokeMember("ADsPath", 'GetProperty', $null, $_, $null)
}
CodePudding user response:
SOLVED: As per comment from Santiago Squarzon, I can get the actual local administrator group name with WMI. With the right group name everything else is solved.
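
The WMI lookup mentioned in the last answer, written out as an added example (not code from the original posts): it asks each target for the name of its own local group with SID S-1-5-32-544, so the name matches that machine's OS language, and then runs the same WinNT member query. The function name `Get-LocalAdminMember`, its parameters, the use of `Get-CimInstance` (which needs WinRM reachable on the target) and the sample computer name `PC-JOU` taken from the question's output are assumptions.

```powershell
# Added example; the function name and parameters are hypothetical.
function Get-LocalAdminMember {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string[]]$ComputerName,

        # Well-known SID of the built-in Administrators group. The pattern keeps
        # anything that is not a SID out of the WQL filter string below.
        [ValidatePattern('^S-1-\d+(-\d+)+$')]
        [string]$GroupSid = 'S-1-5-32-544'
    )

    foreach ($computer in $ComputerName) {
        try {
            # Query the target itself, so the localized group name is the one
            # that machine uses. LocalAccount=True avoids enumerating domain
            # groups on domain-joined machines.
            $group = Get-CimInstance -ClassName Win32_Group -ComputerName $computer `
                -Filter "LocalAccount=True AND SID='$GroupSid'" -ErrorAction Stop

            if (-not $group) {
                throw "No local group with SID $GroupSid found"
            }

            # Same WinNT query as in the question, with the resolved name.
            # The ",group" suffix tells the provider which object class to bind.
            $adsi = [ADSI]"WinNT://$computer/$($group.Name),group"
            $adsi.Invoke('Members') | ForEach-Object {
                [pscustomobject]@{
                    ComputerName = $computer
                    GroupName    = $group.Name
                    Member       = $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
                }
            }
        }
        catch {
            # Report unreachable or misconfigured hosts and continue with the rest
            Write-Warning "${computer}: $($_.Exception.Message)"
        }
    }
}

# Constructed sample call; PC-JOU is the computer name shown in the question's output
Get-LocalAdminMember -ComputerName 'PC-JOU'
```

`SecurityIdentifier.Translate` resolves the name on the machine where the script runs, so querying the target matters when the administering workstation and the client use different OS languages.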