Tags: powershell, adsi, sid, group

PowerShell ADSI: Can I query the local Administrators group using a SID?


I am in a multi-language client environment. The local administrators are "Administratoren", "Administrators", "Administradores", "Administrateurs" and so on. This works to get the group members using Invoke-Expression:

PS C:\> Get-LocalGroupMember -SID "S-1-5-32-544"

ObjectClass Name                 PrincipalSource
----------- ----                 ---------------
Benutzer    PC-JOU\Administrator Local          
Benutzer    PC-JOU\Jou           Local

Working example using the normal group name, for example on a German client WITHOUT needing Invoke-*:

PS C:\> $ADSI = [ADSI]"WinNT://IP-of-computer/Administratoren"
PS C:\> $ADSI.Invoke("Members") | foreach {$_.GetType().InvokeMember("ADsPath", 'GetProperty', $null, $_, $null)}
WinNT://PC-JOU/Administrator
WinNT://PC-JOU/Jou

But I cannot get this to work with a SID to have this international:

PS C:\> $ADSI = [ADSI]"WinNT://IP-of-computer/S-1-5-32-544"
PS C:\> $ADSI.Invoke("Members") | foreach {$_.GetType().InvokeMember("ADsPath", 'GetProperty', $null, $_, $null)}
Ausnahme beim Abrufen des Elements "Invoke": "Der Gruppenname konnte nicht gefunden werden."
In Zeile:1 Zeichen:1
+ $ADSI.Invoke("Members") | foreach {$_.GetType().InvokeMember("ADsPath ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], ExtendedTypeSystemException
    + FullyQualifiedErrorId : CatchFromBaseGetMember

I got as far as seeing the property value of the SID:

PS C:\> $ADSI.objectSid
1
2
0
0
0
0
0
5
32
0
0
0
32
2
0
0

PS C:\> $ADSI.objectSid.GetType()

IsPublic IsSerial Name                                     BaseType
-------- -------- ----                                     --------
True     False    PropertyValueCollection                  System.Collections.CollectionBase

Any idea how I can get this to work, using [ADSI] with the SID value of the local admin? It would save me from using the Invoke-Expression method.


Solution

  • SOLVED: As per the comment from Santiago Squarzon, I can get the actual local administrator group name with WMI. With the right group name everything else is solved.

    Working example: I query from an English domain controller, getting the local "Administratoren" from the German remote machine:

    $RemoteAdminGroupName = (Get-WmiObject Win32_Group -Computername 192.168.33.57 -Filter "SID='S-1-5-32-544'").Name
    "local admin group on remote machine: $RemoteAdminGroupName"
    $ADSI = [ADSI]"WinNT://192.168.33.57/$RemoteAdminGroupName"
    $ADSI.Invoke("Members") | foreach {$_.GetType().InvokeMember("ADsPath", 'GetProperty', $null, $_, $null)}
    

    Result:

    local admin group on remote machine: Administratoren
    WinNT://S2016-DE-TEST/Administrator
    WinNT://PKI-TEST/Domain Admins
    

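Added example (not from the original post or its author): an audit helper that resolves the localized name of the group with SID S-1-5-32-544 as the solution does, using Get-CimInstance over DCOM in place of Get-WmiObject, and reports each member's SID so results can be compared across client languages. The function names `ConvertTo-SidString` and `Get-BuiltinAdministratorsMember` are hypothetical, and the code assumes Windows PowerShell 5.1 or later with rights to query the remote machine.

```powershell
# Added example, not from the original post. Function names are hypothetical.

# Decode a binary SID (the byte array the WinNT provider returns as objectSid) to S-1-... form.
function ConvertTo-SidString {
    param([Parameter(Mandatory)][byte[]]$Bytes)
    [System.Security.Principal.SecurityIdentifier]::new($Bytes, 0).Value
}

# The 16 bytes printed by $ADSI.objectSid in the question, decoded to their string form.
[byte[]]$questionBytes = 1,2,0,0,0,0,0,5,32,0,0,0,32,2,0,0
ConvertTo-SidString -Bytes $questionBytes

function Get-BuiltinAdministratorsMember {
    [CmdletBinding()]
    param([Parameter(Mandatory)][string[]]$ComputerName)

    # DCOM keeps the transport Get-WmiObject uses, so WinRM is not required on the target.
    $option = New-CimSessionOption -Protocol Dcom
    foreach ($computer in $ComputerName) {
        $session = $null
        try {
            $session = New-CimSession -ComputerName $computer -SessionOption $option -ErrorAction Stop
            # Resolve the localized group name from the well-known SID, as in the solution.
            $group = Get-CimInstance -CimSession $session -ClassName Win32_Group `
                -Filter "SID='S-1-5-32-544'" -ErrorAction Stop
            if (-not $group) { throw "No group with SID S-1-5-32-544 returned." }

            # ",group" is a class hint so the WinNT provider does not match a user of the same name.
            $adsi = [ADSI]"WinNT://$computer/$($group.Name),group"
            foreach ($member in $adsi.Invoke('Members')) {
                $type = $member.GetType()
                $path = $type.InvokeMember('ADsPath', 'GetProperty', $null, $member, $null)
                $sid  = $type.InvokeMember('objectSid', 'GetProperty', $null, $member, $null)
                [pscustomobject]@{
                    Computer  = $computer
                    Group     = $group.Name   # localized name, for display only
                    ADsPath   = $path
                    MemberSid = ConvertTo-SidString -Bytes $sid   # language-independent key
                }
            }
        }
        catch { Write-Warning "${computer}: $($_.Exception.Message)" }
        finally { if ($session) { Remove-CimSession -CimSession $session } }
    }
}
# Usage: Get-BuiltinAdministratorsMember -ComputerName 192.168.33.57   (address from the post)
```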