Getting Local User Accounts the PowerShell Way

It seems I'm always seeing requests and problems on getting local user accounts using PowerShell. However, even though we are at PowerShell 5.0, Microsoft has never released a set of cmdlets for managing local user accounts. So many of us have resorted to creating our own tools. I now have my latest iteration of a function to get local user account information from remote computers.

Manage and Report Active Directory, Exchange and Microsoft 365 with
ManageEngine ADManager Plus - Download Free Trial

Exclusive offer on ADManager Plus for US and UK regions. Claim now!

The function takes a shortcut of sorts by using the ADSI type accelerator to connect to a remote computer. This is the same technique we used back in the VBScript days. However, this technique isn't conducive to alternate credentials and requires legacy protocols like RPC and DCOM. But that isn't necessarily an issue as I'll show you in a few minutes.

The function connects to the remote computer and then uses some COM object voodoo, to enumerate local account information. By default, the command will list all user accounts.

Or you can specify a single user account name.

The function accepts pipeline input making it easy to check multiple servers at once.

import-csv s:\computers.csv | get-localuser Administrator | Select Computername,User,Enabled,PasswordAgeDays

On important note: if you query a domain controller you will get domain accounts.

Remember I mentioned this command uses legacy protocols. One alternative is to use PowerShell remoting and Invoke-Command. First, create the necessary PSSessions, using alternate credentials if necessary.

$s = new-pssession -computer chi-core01,chi-web02,chi-fp02

Then get the function's scriptblock.

$sb = ${function:Get-localuser}

Now you can use this with Invoke-Command:

invoke-command -scriptblock $sb -session $s -hidecomputername | select * -exclude RunspaceID | out-gridview -title "Local"

Or query for a specify account:

invoke-command -scriptblock $sb -session $s -hidecomputername -ArgumentList Administrator

You can find the complete script, which includes an alias on Github.

	#requires -version 3.0

	<#
	This function has no provision for alternate credentials unless you run
	it with Invoke-Command in a PSSession.
	#>

	Function Get-LocalUser {

	<#
	.SYNOPSIS
	Get local account information using ADSI.

	.DESCRIPTION
	This command uses ADSI to connect to a server and enumerate local user accounts. By default it will retrieve all local user accounts or you can specify one by name.

	The command uses legacy protocols to connect and enumerate accounts. You may find it more efficient to wrap this function in an Invoke-Command expression. See examples.

	NOTE: If you run this against a domain controller you will get your domain accounts.

	.PARAMETER Computername
	The name of a computer to query. The parameter has aliases of 'CN' and 'Host'.

	.PARAMETER Name
	The name of a local user account, like Administrator. The parameter has an alias of 'User'.

	.EXAMPLE
	PS C:\> Get-LocalUser chi-core01

	Computername : CHI-CORE01
	User : Administrator
	Description : Built-in account for administering the computer/domain
	Enabled : True
	LastLogin : 3/5/2015 7:48:56 AM
	PasswordAgeDays : 456
	PasswordLastSet : 11/11/2014 6:02:05 PM

	Computername : CHI-CORE01
	User : Guest
	Description : Built-in account for guest access to the computer/domain
	Enabled : False
	LastLogin :
	PasswordAgeDays : 659
	PasswordLastSet : 4/22/2014 9:01:02 AM

	Computername : CHI-CORE01
	User : LocalAdmin
	Description : Chicago Local administrator account
	Enabled : True
	LastLogin : 2/24/2015 4:17:35 PM
	PasswordAgeDays : 342
	PasswordLastSet : 3/5/2015 7:46:32 AM

	.EXAMPLE
	PS C:\> "chi-hvr1","chi-hvr2" \| get-localuser -name administrator \| Select Computername,User,LastLogin,Pass*

	Computername : CHI-HVR1
	User : Administrator
	LastLogin : 12/21/2015 12:55:31 PM
	PasswordAgeDays : 58
	PasswordLastSet : 12/14/2015 4:32:12 PM

	Computername : CHI-HVR2
	User : Administrator
	LastLogin : 4/25/2014 1:50:28 PM
	PasswordAgeDays : 889
	PasswordLastSet : 9/4/2013 11:13:25 AM

	.EXAMPLE
	PS C:\> $s = new-pssession chi-core01,chi-fp02,chi-web02
	Create several PSSessions to remote computers.

	PS C:\> $sb = ${function:Get-localuser}

	Get the function's scriptblock

	PS C:\> Invoke-Command -scriptblock $sb -session $s -argumentlist "Administrator" \| Select Computername,User,Pass,Last

	Computername : CHI-CORE01
	User : Administrator
	PasswordAgeDays : 456
	PasswordLastSet : 11/11/2014 6:02:05 PM
	LastLogin : 3/5/2015 6:48:56 AM

	Computername : CHI-FP02
	User : Administrator
	PasswordAgeDays : 0
	PasswordLastSet : 2/10/2016 9:13:13 AM
	LastLogin : 4/30/2013 8:08:49 AM

	Computername : CHI-WEB02
	User : Administrator
	PasswordAgeDays : 379
	PasswordLastSet : 1/27/2015 3:41:15 PM
	LastLogin : 1/27/2015 5:48:12 PM

	Invoke the scriptblock and pass an account name as an argument.

	PS C:\> invoke-command -scriptblock $sb -Session $s -HideComputerName \| Select * -ExcludeProperty RunspaceID \| Out-GridView -title "Local Accounts"

	Get all local accounts by invoking the scriptblock remotely and display the results with Out-GridView.

	.EXAMPLE
	PS C:\> get-localuser -Name jeff -Computername chi-dc04


	Computername : CHI-DC04
	User : jeff
	Description : IT Admin V
	Enabled : True
	LastLogin : 2/9/2016 5:06:22 PM
	PasswordAgeDays : 884
	PasswordLastSet : 9/9/2013 10:46:11 AM

	The command can be used to query domain accounts by selecting a domain controller.

	.NOTES
	NAME : Get-LocalUser
	VERSION : 1.0
	LAST UPDATED: 2/10/2016
	AUTHOR : Jeff Hicks

	Learn more about PowerShell:
	http://jdhitsolutions.com/blog/essential-powershell-resources/

	****************************************************************
	* DO NOT USE IN A PRODUCTION ENVIRONMENT UNTIL YOU HAVE TESTED *
	* THOROUGHLY IN A LAB ENVIRONMENT. USE AT YOUR OWN RISK. IF *
	* YOU DO NOT UNDERSTAND WHAT THIS SCRIPT DOES OR HOW IT WORKS, *
	* DO NOT USE IT OUTSIDE OF A SECURE, TEST SETTING. *
	****************************************************************

	.INPUTS
	[string] for computer names

	.OUTPUTS
	[object]

	#>

	[cmdletbinding()]
	Param(
	[Parameter(Position = 0)]
	[Alias("user")]
	[string]$Name,
	[Parameter(ValueFromPipeline,ValueFromPipelineByPropertyName)]
	[ValidateNotNullorEmpty()]
	[Alias("CN","host")]
	[string[]]$Computername = $env:computername
	)

	Begin {

	Write-Verbose "Starting: $($MyInvocation.Mycommand)"
	#define a constant
	$ADS_UF_ACCOUNTDISABLE = 0x0002

	} #begin

	Process {

	Foreach ($item in $Computername) {
	Write-Verbose "Connecting to $($item.toUpper())"

	if ($Name) {
	Write-Verbose "Querying for local account $Name"
	[ADSI]$LocalUser = "WinNT://$item/$name,user"
	}
	else {
	Write-Verbose "Querying for all local user accounts"
	[ADSI]$Computer = "WinNT://$item"
	}

	#if connection failed there won't be a Name property defined
	if ($Localuser.name -OR $Computer.name) {

	if ($Name) {
	Write-Verbose "Found account for $($localuser.name)"
	$users = $Localuser
	}
	else {
	Write-Verbose "Filtering for user objects"
	$users = $computer.psbase.children \| where {$_.SchemaClassName -match "user"}
	Write-Verbose "Found $($users.count) users"
	}

	Write-Verbose "Getting account details from $($item.ToUpper())"
	$users \| Select-Object @{name="Computername";Expression={$item.ToUpper()}},
	@{name="User";Expression={$_.psbase.properties.name.value}},
	@{Name="Description";Expression={$_.psbase.properties.description.value}},
	@{name="Enabled";Expression={
	if ($_.psbase.properties.item("userflags").value -band $ADS_UF_ACCOUNTDISABLE) {
	$False
	}
	else {
	$True
	}
	}},
	@{name="LastLogin";Expression={[datetime]$_.psbase.properties.lastLogin.value}},
	@{Name="PasswordAgeDays";Expression= {[int]($_.psbase.properties.passwordage.value/86400)}},
	@{Name="PasswordLastSet";Expression={(Get-Date).AddSeconds(-$_.psbase.properties.passwordage.value)}}
	}
	else {
	if ($Name) {
	Write-Warning "Failed to find user $Name on $item."
	}
	else {
	Write-Warning "Failed to connect to $item."
	}
	}
	} #foreach computer

	} #Process

	End {

	Write-Verbose "Ending: $($MyInvocation.Mycommand)"

	} #end

	} #end function

	#create an alias
	Set-Alias -Name glu -Value Get-LocalUser

	<#
	Copyright (c) 2016 JDH Information Technology Solutions, Inc.


	Permission is hereby granted, free of charge, to any person obtaining a copy
	of this software and associated documentation files (the "Software"), to deal
	in the Software without restriction, including without limitation the rights
	to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
	copies of the Software, and to permit persons to whom the Software is
	furnished to do so, subject to the following conditions:


	The above copyright notice and this permission notice shall be included in
	all copies or substantial portions of the Software.


	THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
	IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
	FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
	AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
	LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
	OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
	THE SOFTWARE.
	#>

view raw LocalUserInfo.ps1 hosted with ❤ by GitHub

I hope you'll let me know what you think and that you find this a useful addition to your PowerShell toolbox. If you run into problems, please post them on the Gist page.

Like this:

Related

1 thought on “Getting Local User Accounts the PowerShell Way”

Share this:

Like this:

Related

1 thought on “Getting Local User Accounts the PowerShell Way”