Retrieve all local user accounts information on remote computers (PowerShell)

This PowerShell Script shows how to retrieve all local user accounts information on remote computers.

 
 
 
 
 
4.3 Star
(18)
33,660 times
Add to favorites
1/14/2014
E-mail Twitter del.icio.us Digg Facebook
Sign in to ask a question


  • how can I get the script to password expiry date?
    4 Posts | Last post July 14, 2017
    • The script resolves almost all my requirements expect one. I need to get the local users password expiry date and user's last login date and time. can anyone please help me with this
    • the below script it faster than the above and also with expiry date.
      Param
      (
      	[Parameter(Position=0,Mandatory=$false)]
      	[ValidateNotNullorEmpty()]
      	[Alias('cn')][String[]]$ComputerName=$Env:COMPUTERNAME,
      	[Parameter(Position=1,Mandatory=$false)]
      	[Alias('un')][String[]]$AccountName,
      	[Parameter(Position=2,Mandatory=$false)]
      	[Alias('cred')][System.Management.Automation.PsCredential]$Credential
      )
      $Obj = @()
      
      $now = Get-Date
      
      Foreach($Computer in $ComputerName)
      {
      	If($Credential)
      	{
      		$AllLocalAccounts = Get-WmiObject -Class Win32_UserAccount -Namespace "root\cimv2" `
      		-Filter "LocalAccount='$True'" -ComputerName $Computer -Credential $Credential -ErrorAction Stop
      	}
      	else
      	{
      		$AllLocalAccounts = Get-WmiObject -Class Win32_UserAccount -Namespace "root\cimv2" `
      		-Filter "LocalAccount='$True'" -ComputerName $Computer -ErrorAction Stop
      	}
      
      
      
      	$Obj = $AllLocalAccounts | ForEach-Object {
      
               	$user = ([adsi]"WinNT://$computer/$($_.Name),user")
               	$pwAge    = $user.PasswordAge.Value
               	$maxPwAge = $user.MaxPasswordAge.Value
               	$pwLastSet = $now.AddSeconds(-$pwAge)
      
               New-Object -TypeName PSObject -Property @{
      
      	  
                 'Name'                 = $_.Name
                 'Full Name'            = $_.FullName
                 'Disabled'             = $_.Disabled
      'Description'          = $_.Description
                 'Status'               = $_.Status
                 'LockOut'              = $_.LockOut
                 'Password Expires'     = $_.PasswordExpires
                 'Password Last Set'    = $pwLastSet
                 'Password Expiry Date' = $now.AddSeconds($maxPwAge - $pwAge)
                 'Password Required'    = $_.PasswordRequired
                 'Account Type'         = $_.AccountType
                 'Domain'               = $_.Domain
                 
       	   'Password Age'         = ($now - $pwLastSet).Days
      	  
                 
               }
             }
      
      If($AccountName)
      	{
      		Foreach($Account in $AccountName)
      		{
      			$Obj|Where-Object{$_.Name -like "$Account"}
      		}
      	}
      	else
      	{
      		$Obj
      	}
      
      
    • It looks like some of the code may have been cutoff, I get the following error regarding missing a ending bracket:
      
      PS C:\PowerShellScripts> C:\PowerShellScripts\ShowListOfUsersandPWExpiry.ps1
      At C:\PowerShellScripts\ShowListOfUsersandPWExpiry.ps1:40 char:1
      + {
      + ~
      Missing closing '}' in statement block.
          + CategoryInfo          : ParserError: (:) [], ParentContainsErrorRecordException
          + FullyQualifiedErrorId : MissingEndCurlyBrace
      
      
      Also the following error as well:
      
      
       The attribute cannot be added because variable ComputerName with value System.String[] would no longer be valid.
      At C:\PowerShellScripts\ShowListOfUsersandPWExpiry.ps1:27 char:2
      +     [Parameter(Position=0,Mandatory=$false)]
      +     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          + CategoryInfo          : MetadataError: (:) [], ValidationMetadataException
          + FullyQualifiedErrorId : ValidateSetFailure
       
    • Hey Christopher,
      
      The below script works fine.
      
      ==============
      
      Param
      (
      	[Parameter(Position=0,Mandatory=$false)]
      	[ValidateNotNullorEmpty()]
      	[Alias('cn')][String[]]$ComputerName=$Env:COMPUTERNAME,
      	[Parameter(Position=1,Mandatory=$false)]
      	[Alias('un')][String[]]$AccountName,
      	[Parameter(Position=2,Mandatory=$false)]
      	[Alias('cred')][System.Management.Automation.PsCredential]$Credential
      )
      $Obj = @()
      
      $now = Get-Date
      
      Foreach($Computer in $ComputerName)
      {
      	If($Credential)
      	{
      		$AllLocalAccounts = Get-WmiObject -Class Win32_UserAccount -Namespace "root\cimv2" `
      		-Filter "LocalAccount='$True'" -ComputerName $Computer -Credential $Credential -ErrorAction Stop
      	}
      	else
      	{
      		$AllLocalAccounts = Get-WmiObject -Class Win32_UserAccount -Namespace "root\cimv2" `
      		-Filter "LocalAccount='$True'" -ComputerName $Computer -ErrorAction Stop
      	}
      
      
      
      	$Obj = $AllLocalAccounts | ForEach-Object {
      
               	$user = ([adsi]"WinNT://$computer/$($_.Name),user")
               	$pwAge    = $user.PasswordAge.Value
               	$maxPwAge = $user.MaxPasswordAge.Value
               	$pwLastSet = $now.AddSeconds(-$pwAge)
      
      
               New-Object -TypeName PSObject -Property @{
               
      	  
                 'Account Name'         = $_.Name
                 'Disabled'             = $_.Disabled
                 'Password Expires'     = $_.PasswordExpires
                 'Password Last Set'    = $pwLastSet
                 'Password Expiry Date' = $now.AddSeconds($maxPwAge - $pwAge)
                 'Password Required'    = $_.PasswordRequired
                 'Domain'               = $_.Domain  
       	       'Password Age'         = ($now - $pwLastSet).Days
      	        
               }
             }
      
      If($AccountName)
      	{
      		Foreach($Account in $AccountName)
      		{
      			$Obj|Where-Object{$_.Name -like "$Account"}
      		}
      	}
      	else
      	{
      		$Obj
      	}
         } 
      
  • How do i ?
    1 Posts | Last post October 01, 2015
    • My plan is to email local accounts to tell them there password is about to expire.
      Im not the best when it comes to powershell so bare with me :)
      I need somebody to guide me in the right direction.
      What i want is to list all LOCAL users that have a password age over 85 days and to then go on to email them
      
      I want to know which local user accounts have a password age of 85 days or more.
      the email part i can do myself.
      i just need to say "if (localuser) password age = -ge 85
      write-host (username)
      then i want to send a mail to that user
      
      Please help!
  • Can anyone help get last login time to each computer?
    1 Posts | Last post May 18, 2015
    • I want to run this against a list of computers, but I need the last login time which is stored in the local SAM DB. 
      
      how can I add that into this script?
  • Great script, thank you!
    2 Posts | Last post April 16, 2015
    • My thanks goes to you OneScript Team!
      
      Script is exactly what I was looking for. 
      
      I have this question: 
      how do I export outcome from script to the .txt / .csv file? I am having hard time with it. I've tried Export-csv cmdlet, but it seems I am doing something wrong. 
      (I am PS newbie)
      
      Thanks.
    • I take it back. 
      
      Everything was in description! You have done one perfect job there!
      
      Thanks!
  • Multiple Computers
    2 Posts | Last post November 13, 2014
    • How can I get the script to run against multiple computers I have listed in a text file?
    • Did you ever find the answer to this? I need the same exact thing.
  • how can i get the script to show inactive users
    1 Posts | Last post July 30, 2014
    • hi
      i need to filter out the results of local users who have not logged on for 3 months or around 90 days, may i know how i can do it?
  • Why isn't this a standard part of WMF?
    1 Posts | Last post June 02, 2014
    • Stuff like this that is such high-quality content should be regularly rolled into the WMF deliverables.  I'd love to see great community/MS contributions folded into standardized PowerShell.  
      
      There's no reason a cmdlet like this shouldn't be found in PowerShell, but instead require a user to find and verify the code here.
      
      In other words, great work!
  • Fails To Remote Server
    2 Posts | Last post June 21, 2013
    • Hi, when I use -Computername "123.123.123.123" -Credential $CREDENTIAL
      where, set-variable CREDENTIAL All5Days is used, I get the error:
      
      Get-OSCLocalAccount : Cannot process argument transformation on parameter 'Cred
      ential'. Cannot convert the "All5days" value of type "System.String" to type "S
      ystem.Management.Automation.PSCredential".
      At line:1 char:62
      
      How to fix this? Thank you.
    • One gets this when there are no local accounts on the server...like a domain controller...which is what i was hitting.
  • Fails to Rremote Server 2
    2 Posts | Last post June 21, 2013
    • Hi, does PowerShell have to be installed on all remote servers and workstations in order for the script to work?
    • No it does not.
  • Where are the results if I run this script via SCCM?
    3 Posts | Last post May 01, 2013
    • Our IT department has to find all the local accounts on all the machines in our environment (about 12k).  We would like to run this script on all the clients.  This is easy enough, but where would I find the results of the script?  We need to find which local accounts have been named wrong (admin, $admin, etc.) or if there was ANOTHER Administrator account created with another GUID.  Thanks!
    • Hi smonroe63,
      
      you can use the Get-OSCLocalAccount cmdlet to display the results of local computers and use pipeline to pass the result to export cmdlets(e.g pipeline to Out-File to send output to a file.)
      
      Holp this helps.
    • Hi smonroe63,
      You can find all local account information here http://gallery.technet.microsoft.com/Find-all-Local-user-6f09fe60
      With the help of this script, you will get all local accounts details including password age