Local users and their groups

Time:09-29

I want to get a similar report as in the following thread for a bunch of computers retrieved from the AD.

$adsi = [ADSI]"WinNT://$($WKS.name)"
$adsi.Children | where { $_.SchemaClassName -eq 'user' } | Foreach-Object {
    $groups = $_.Groups() | Foreach-Object { $_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null) }
    $_ | Select-Object @{ n = 'UserName'; e = { $_.Name } }, @{ n = 'Groups'; e = { $groups -join ',' } } | Export-Csv -Path "\\..\KontaLokalne.csv" -NoClobber -Append -Encoding UTF8 -Delimiter ";" -NoTypeInformation
}

I want to get additional information about each account listed: whether the account is enabled or not.

Additionally, I would like to send the output to the file in the format: computer name; account name; member of the groups.

Could you help me?

CodePudding user response:

To check whether a user account is enabled or not using ADSI, you will have to test whether the ADS_UF_ACCOUNTDISABLE bit in the .UserFlags property is set. To do this, you need to bitwise-AND the value of UserFlags with the value of ADS_UF_ACCOUNTDISABLE (2):

$adsi = [ADSI]"WinNT://$($WKS.name)"
$result = $adsi.Children | Where-Object { $_.SchemaClassName -eq 'user' } | ForEach-Object {
    $groups = $_.Groups() | Foreach-Object { $_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null) }
    $_ | Select-Object @{Name = 'UserName'; Expression = { $_.Name } }, 
                       @{Name = 'Enabled';  Expression = { ($_.UserFlags.Value -band 2) -eq 0} },
                       @{Name = 'Groups';   Expression = { $groups -join ',' } }
}

# now you can export the resulting collection
# do you really want to use -Append here?
$result | Export-Csv -Path "\\..\KontaLokalne.csv" -NoClobber -Append -Encoding UTF8 -Delimiter ";" -NoTypeInformation

See ADS_USER_FLAG_ENUM
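
The following is an added example, not part of the original question or answer: it combines the UserFlags check above with the computer-name column and multi-computer loop the question asks for. The function name Get-LocalAccountReport, the constant name and the output path are assumptions chosen for illustration.

```powershell
# ADS_UF_ACCOUNTDISABLE bit from ADS_USER_FLAG_ENUM (value 2, as in the answer above)
$ADS_UF_ACCOUNTDISABLE = 0x2

# Hypothetical helper: one output row per local account per computer
function Get-LocalAccountReport {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string[]]$ComputerName
    )
    process {
        foreach ($computer in $ComputerName) {
            try {
                $adsi  = [ADSI]"WinNT://$computer,computer"
                # Enumerate inside the try block so an unreachable host is caught here
                $users = @($adsi.Children | Where-Object { $_.SchemaClassName -eq 'user' })
            }
            catch {
                # Skip this computer but keep processing the rest of the list
                Write-Warning "Could not query ${computer}: $($_.Exception.Message)"
                continue
            }
            foreach ($user in $users) {
                $groups = $user.Groups() | ForEach-Object {
                    $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
                }
                [PSCustomObject]@{
                    ComputerName = $computer
                    UserName     = $user.Name.Value
                    # Enabled means the ACCOUNTDISABLE bit is NOT set
                    Enabled      = ($user.UserFlags.Value -band $ADS_UF_ACCOUNTDISABLE) -eq 0
                    Groups       = $groups -join ','
                }
            }
        }
    }
}

# Constructed sample input: the local machine only. Replace with the names retrieved from AD.
$report = Get-LocalAccountReport -ComputerName $env:COMPUTERNAME

# Assumed output location; written once, so -Append is not needed
$report | Export-Csv -Path (Join-Path $env:TEMP 'LocalAccounts.csv') -Encoding UTF8 -Delimiter ';' -NoTypeInformation
```

Collecting all rows first and exporting once avoids the duplicate rows that -Append produces when the report is re-run against the same file.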
