Powershell script to list LOCAL users on all computers within a domain

Question

Looking to obtain a powershell script that will pull a list of LOCAL users on any computer within a domain. I can get the following to work, but its only for one computer in the domain. I'd rather not have to list all the computers as more could be added or removed.

Get-WmiObject -ComputerName Computer1, Computer2, Computer3 -Class Win32_UserAccount -Filter "LocalAccount=True" | Select PSComputername, Name, Status, Disabled

Ideally the script would first pull all computers in the domain and then use that as input to the -ComputerName

Thanks in advance

Get-WmiObject -ComputerName Computer1, Computer2, Computer3 -Class Win32_UserAccount -Filter "LocalAccount=True" | Select PSComputername, Name, Status, Disabled

Ideally the script would first pull all computers in the domain and then use that as input to the -ComputerName

Answer 1

There are a lot of quite simple solutions, but you might want to extend it a little bit to detect missing responses.

Simple

#Get all computer - Requires AD Commandlets and is not what you need in most cases
$Computer = Get-ADComputer -filter * | Select-Object -ExpandProperty DNSHostName

# Get local users - your filter still there
Get-WmiObject -ComputerName $Computer -Class Win32_UserAccount -Filter "LocalAccount=True" | Select PSComputername, Name, Status, Disabled

Simple without AD-Module

$Computer = ([adsisearcher]"objectcategory=computer").FindAll().properties.dnshostname

# Get local users - your filter still there
Get-WmiObject -ComputerName $Computer -Class Win32_UserAccount -Filter "LocalAccount=True" | Select PSComputername, Name, Status, Disabled

A little bit more detection

# All *Windows* Computer except DCs
$Computers = Get-ADComputer -LDAPfilter "(& (objectCategory=Computer) (!userAccountControl:1.2.840.113556.1.4.803:=8192))" -Properties OperatingSystem, OperatingSystemVersion, WhenCreated, WhenChanged, LastLogonDate | where {$_.OperatingSystem -like "*Windows*"  -and $_.DNSHostname}
$TotalComputersCount = $Computers | Measure-Object | Select-Object -ExpandProperty Count

# WMI Query and new list of all local users - as you had it including a filter as an example
$WMIResult = Get-WmiObject -ComputerName $Computers.DNSHostName -Class Win32_UserAccount -Filter "LocalAccount=True" -ErrorAction SilentlyContinue | Select Name, Status, Disabled, PSComputerName
# Count the users that were found
$UserCount = $WMIResult | Measure-Object | Select-Object -ExpandProperty Count

# List of computernames where query has returned usernames
$WMIQuerySuccessfulOnComputerName = $WMIResult | Select -ExpandProperty PSComputerName | Sort -unique
# Count these computers
$ComputerCount = $WMIQuerySuccessfulOnComputerName | Measure-Object | Select-Object -ExpandProperty Count

# List of Computer Objects for that the WMI query did not return any user
$FailedComputerObject = $ReturnObject.ComputerObjects | Where {$WMIQuerySuccessfulOnComputerName -notContains $_.Name}
if ($FailedComputerObject) {Write-Warning "Failed Computer Objects:";$FailedComputerObject}

# Output local users in gridview
$WMIResult | Out-GridView -Title "Detected $UserCount local users on $ComputerCount/$TotalComputersCount computers" -PassThru

If you would like to extend it and switch to a foreach, the script might get slow, unless you use PowerShell 7 with foreach -parallel

To improve the performance, you might want to filter $Computers so that you don't have OS that doesn't work with Get-WmiObject. For that you might use -filter 'OperatingSystem -like "*Windows*' - that works good for most environments but also requires AD-Modules.

If you have WMI closed for a lot of computers you might want to use a pssession additionally to check the missing ones, or switch back to other legacy methods that might still be available for you.