Reputation: 4945
How to access user account's domain in PowerShell
I am trying to get a list of administrator accounts on a machine. So far I have this code below to show username
$obj_group = [ADSI]"WinNT://./Administrators,group"
$members= @($obj_group.psbase.Invoke("Members"))
foreach ($m in $members){
echo ([ADSI]$m).PSBase.InvokeGet("Name")
}
But I also want to get a "domain" that these accounts belong to. Any suggestion?
Upvotes: 3
Views: 97
Answers (1)
Reputation: 440112
Tip of the hat to Santiago Squarzon for his help.
Try the following:
([ADSI] "WinNT://./Administrators,group").Members() |
ForEach-Object { ([ADSI] $_).Path }
.Path returns the full directory-services URI (path) of the group members, which reflects the domain of origin, albeit by mere name, not as a FQDN (fully qualified domain name).
Applying
.TrimStart('WinNT://')on the result, as Santiago suggests, is a simple way to get rid of the protocol scheme.To extract just the domain name, use
(([ADSI] $_).Path -split '//?')[1]
As for getting just the member names, your original code can be simplified to:
([ADSI] "WinNT://./Administrators,group").Members() |
ForEach-Object { ([ADSI] $_).psbase.Name }
Note:
While
.Invoke("Members")can be used to invoke theMembersmethod, regular method-invocation syntax works too (.Members())The objects returned by
.Members()must also be cast to[ADSI]in order for their members to be accessible (as shown in your question).Accessing the
.Nameproperty (the mere account name) requires use of the intrinsic.psbaseproperty, for reasons unknown to me.- By contrast, the
.Pathproperty - containing the account's full directory-services URI (path; e.g.,WinNT://SERVER1/Administrator) - does not require use of.psbase
- By contrast, the
With the exception of the .Path property, which must always be accessed directly, the awkwardness of .psbase.someProperty can be avoided with use of .InvokeGet('someProperty') (as shown in your question, albeit without the need for .psbase)
This enables the following streamlined solutions to retrieve the .Name property values:
- With an
[adsi[]]array cast - note the need for@(...)to force enumeration:
([adsi[]] @([adsi] "WinNT://./Administrators,group").Members()).InvokeGet('Name')
- Alternatively, as Santiago suggests, with the overload of the
.ForEach()array method that accepts a type literal ([adsi]) as an argument, which similarly casts each member to[adsi]
([adsi] "WinNT://./Administrators,group").Members().ForEach([adsi]).InvokeGet('Name')
Upvotes: 4
Related Questions
- Get Domain from URL in PowerShell
- How to switch to another domain and get-aduser
- How to get all computer accounts in an another domain using PowerShell?
- How to Query an AD user in a different domain
- Net User $userName /domain
- Get-ADUser across domains - Help needed
- Finding a User on one of many domains
- Powershell: Using Get-aduser to find the machine hostname of the PC the user is using
- Use powershell to look up 'net user' on other domains?
- powershell or .net - how to receive domain accounts with domain names