Get remote machine members of Local Administrator group

This Powershell script can detect the members of a remote machine's local Admins group.The script utilises WMI and powershell to query and return all the members of the local "Administrators" group on a remote machine name.The script can also be amended to enumerate any other gro

3.5 Star
47,387 times
Add to favorites
E-mail Twitter Digg Facebook
  • How much can I say thank you?
    1 Posts | Last post September 25, 2019
    • Worked in a 2012R2 Domain and Forest against 2016 servers. WELL DONE. Worked FIRST try.
  • Pulling local users for a domain controller
    2 Posts | Last post September 25, 2019
    • There is something wrong with this script. I am getting domain users on a server that domain users on a server where domain users is not in the administrators group and even the domain controllers are getting results when a domain controller does not have local security groups.
    • You have to use FQDN.
  • Windows 10
    1 Posts | Last post June 27, 2018
    • It does not work when trying to retrieve the administrators of a Windows 10 computer. How do you get this to work on Windows 10 computers?
      Works great on windows 7 btw.
  • Hanging
    3 Posts | Last post January 09, 2017
    • using ShaikHabeeb's version The script starts, but just sits at the server name. It's been like 5min's and I am not getting any output. 
      Any idea's?
    • CProfile,
      I had the same issue, what I found was that since I work in a large enterprise and for some reason this script was iterating through all the users in our domain (my guess) ~40,000.  It would come back after a very long time.  To solve that I approached it from a different direction by using what I found in this article:
      And then ported it to Powershell:
      $remoteAdminGroup = [ADSI]"WinNT://<hostname>/Administrators"
      $localAdmins = $remoteAdminGroup.Invoke("members",$null)
      foreach ($admin in $localAdmins) {
          [System.DirectoryServices.DirectoryEntry]$member = $gm
          # Or add to list etc.
      Very fast and gives me what I wanted.  Hope this helps.
    • Appears this is not new:
  • Can I query for a single domain account in the local administrator group. To find if the domain account is present on the server
    1 Posts | Last post November 29, 2016
  • I need this for windows server 2012. Could any one of you help me for getting local admins of windows 2012 server.
    2 Posts | Last post February 06, 2016
    • Hi,
      We are using windows server 2012 but this code is not working for 2012 server. Could any one of you help me for getting local admins of 2012 server.
    • hi Anuk9 
      can you brief in detail, besides have you set any executionpolicies
  • input
    2 Posts | Last post December 22, 2015
    • Hi,
      Where should i provide the input file. and how does the output file generated.
      boopathi s
    • Answering for others who may benefit from it.
      function get-localadmin { 
      param ($strcomputer) 
      $admins = Gwmi win32_groupuser –computer $strcomputer  
      $admins = $admins |? {$_.groupcomponent –like '*"Administrators"'} 
      $admins |% { 
      $_.partcomponent –match “.+Domain\=(.+)\,Name\=(.+)$” > $nul 
      $matches[1].trim('"') + “\” + $matches[2].trim('"') 
      $Servers = gc .\Servers.txt
      foreach ($s in $Servers)
          Write-Host $s
          $admins = get-localadmin $s 
          foreach ($admin in $admins)
              $str = "$s,$admin"
              $str | Out-File .\AdminList.txt -Append
  • Doesn't seem to be working for me.
    3 Posts | Last post January 06, 2015
    • Doesn't seem to be working for me. What am i doing wrong ?
      PowerShell Prompt> .\Get-Remote-LocalAdmin.ps1
      This is how i am executing it, gives no output on screen.
    • You could add the function to your powershell profile, then you can call it directly:
      e.g. get-localadmin
    • This is a function yes :)
      Thanks to all working and contributing to the code
  • Works great but error when running against a list
    1 Posts | Last post January 09, 2013
    • Thanks for this, it works great. However ive tweaked it to use a text file containing a list of several hunderd computers. I get a few RPC errors when a computer isnt on and itll skip on to the next one. However on some computers i get an 'access denied' which causes the script to stop. Is there a way to get it to skip over these ones or at least a way to highlight which one is causing the problem so i can remove it from the text file?
      Get-WmiObject : Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
      At line:4 char:15
      + $admins = Gwmi <<<<  win32_groupuser –computer $strcomputer   
          + CategoryInfo          : NotSpecified: (:) [Get-WmiObject], UnauthorizedAccessException
          + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.GetWmiObjectCommand
      Cannot index into a null array.
      At line:9 char:10
      + $matches[ <<<< 1].trim('"') + “\” + $matches[2].trim('"')  
          + CategoryInfo          : InvalidOperation: (1:Int32) [], RuntimeException
          + FullyQualifiedErrorId : NullArr