widsnet.com
11Jul/120

List all members of a Local Group based on SID

This is useful for checking whether a user is a member of a local group. Note that it lists only direct members; it does not expand nested groups recursively.

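function Get-LocalGroupMembers {
    Param([string]$SID)
    $ArrMembers = @()
    # Resolve the SID to an account name (e.g. BUILTIN\Administrators) and keep the part after the backslash
    $GroupSID = New-Object System.Security.Principal.SecurityIdentifier($SID)
    $GroupName = $GroupSID.Translate([System.Security.Principal.NTAccount]).Value.Split('\')[1]

    # Bind to the group on the local machine through the ADSI WinNT provider
    $Group = [ADSI]"WinNT://./$GroupName"
    # Members is a COM collection; read each member's AdsPath via reflection
    $Group.psbase.Invoke('Members') | ForEach-Object {
        $Member = $_.GetType().InvokeMember('AdsPath', 'GetProperty', $null, $_, $null)
        # Turn WinNT://DOMAIN/Name into DOMAIN\Name
        $ArrMembers += $Member.Replace('WinNT://','').Replace('/','\')
    }
    Return $ArrMembers
}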
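The function above stops at direct members, so an account that reaches the group only through a nested group is not listed. The following is an added example, not code from the original post, that expands nested groups as well and records the path by which each member was reached. The function name `Get-LocalGroupMembersRecursive` and the output property names are assumptions made for illustration, and expanding a domain group requires that the domain is reachable from the machine.

```powershell
# Added example (not from the original post): recursive variant of Get-LocalGroupMembers.
# The function name and the Member/Class/Via property names are hypothetical.
function Get-LocalGroupMembersRecursive {
    Param([Parameter(Mandatory = $true)][string]$SID)

    # Resolve the SID to a group name, exactly as the original function does
    $GroupSID  = New-Object System.Security.Principal.SecurityIdentifier($SID)
    $GroupName = $GroupSID.Translate([System.Security.Principal.NTAccount]).Value.Split('\')[1]

    $Visited = @{}    # AdsPaths already expanded; hashtable keys compare case-insensitively
    $Pending = New-Object System.Collections.Queue
    $Pending.Enqueue(@{ AdsPath = "WinNT://./$GroupName"; Via = $GroupName })

    while ($Pending.Count -gt 0) {
        $Current = $Pending.Dequeue()
        # Skip groups already expanded, which also breaks circular nesting
        if ($Visited.ContainsKey($Current.AdsPath)) { continue }
        $Visited[$Current.AdsPath] = $true

        try {
            $Members = @(([ADSI]$Current.AdsPath).psbase.Invoke('Members'))
        } catch {
            # Typical cause: a nested domain group whose domain cannot be contacted
            Write-Warning "Could not enumerate $($Current.AdsPath): $($_.Exception.Message)"
            continue
        }

        foreach ($Entry in $Members) {
            $Path  = $Entry.GetType().InvokeMember('AdsPath', 'GetProperty', $null, $Entry, $null)
            $Class = $Entry.GetType().InvokeMember('Class', 'GetProperty', $null, $Entry, $null)
            $Name  = $Path.Replace('WinNT://','').Replace('/','\')

            # Emit one record per membership edge, including the nesting path
            [pscustomobject]@{ Member = $Name; Class = $Class; Via = $Current.Via }

            # Queue nested groups so their members are listed too
            if ($Class -eq 'Group') {
                $Pending.Enqueue(@{ AdsPath = $Path; Via = "$($Current.Via) > $Name" })
            }
        }
    }
}
```

Calling it with `S-1-5-32-544` (the built-in Administrators group) returns every account with local administrator rights, and the `Via` column shows which nested group grants them.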