Is there an easier way to get Admin user information from remote desktops?

Hello Experts,

Is there an easier way to express the parameters, variables and cmdlets to retrieve Admin user information from desktop computers?

The script below seems verbose and overly complex. Why is there a  [ADSI]"WinNT:// syntax and "^Winnt\:\/\/(?<domainName>\S+)\/(?<CompName>\S+)\/") string within the try-catch syntax?

If you could please add perspective, I'd surely appreciate your insight. Thank you.

****************************************************************
Set-ExecutionPolicy remotesigned -Force
Import-Module activedirectory

[CmdletBinding()]
Param(
 [Parameter( ValueFromPipeline=$true,
 ValueFromPipelineByPropertyName=$true
 )]
 [string[]]
 $ComputerName = "get-content c:\Scripts\DesktopComputers.txt",
 
 [Parameter()]
 [string]
 $LocalGroupName = "Administrators",
 
 [Parameter()]
 [string]
 $OutputDir = "c:\Scripts"
)
 
Begin {
 
 $OutputFile = Join-Path $OutputDir "LocalGroupMembers.csv"
 Write-Verbose "Script will write the output to $OutputFile folder"
 Add-Content -Path $OutPutFile -Value "ComputerName, LocalGroupName, Status, MemberType, MemberDomain, MemberName"
}
 
Process {
 ForEach($Computer in $ComputerName) {
 Write-host "Working on $Computer"
 If(!(Test-Connection -ComputerName $Computer -Count 1 -Quiet)) {
 Write-Verbose "$Computer is offline. Proceeding with next computer"
 Add-Content -Path $OutputFile -Value "$Computer,$LocalGroupName,Offline"
 Continue
 } else {
 Write-Verbose "Working on $computer"
 try {
 $group = [ADSI]"WinNT://$Computer/$LocalGroupName"
 $members = @($group.Invoke("Members"))
 Write-Verbose "Successfully queries the members of $computer"
 if(!$members) {
 Add-Content -Path $OutputFile -Value "$Computer,$LocalGroupName,NoMembersFound"
 Write-Verbose "No members found in the group"
 continue
 }
 }
 catch {
 Write-Verbose "Failed to query the members of $computer"
 Add-Content -Path $OutputFile -Value "$Computer,,FailedToQuery"
 Continue
 }
 foreach($member in $members) {
 try {
 $MemberName = $member.GetType().Invokemember("Name","GetProperty",$null,$member,$null)
 $MemberType = $member.GetType().Invokemember("Class","GetProperty",$null,$member,$null)
 $MemberPath = $member.GetType().Invokemember("ADSPath","GetProperty",$null,$member,$null)
 $MemberDomain = $null
 if($MemberPath -match "^Winnt\:\/\/(?<domainName>\S+)\/(?<CompName>\S+)\/") {
 if($MemberType -eq "User") {
 $MemberType = "LocalUser"
 } elseif($MemberType -eq "Group"){
 $MemberType = "LocalGroup"
 }
 $MemberDomain = $matches["CompName"]
 
 } elseif($MemberPath -match "^WinNT\:\/\/(?<domainname>\S+)/") {
 if($MemberType -eq "User") {
 $MemberType = "DomainUser"
 } elseif($MemberType -eq "Group"){
 $MemberType = "DomainGroup"
 }
 $MemberDomain = $matches["domainname"]
 
 } else {
 $MemberType = "Unknown"
 $MemberDomain = "Unknown"
 }
 Add-Content -Path $OutPutFile -Value "$Computer, $LocalGroupName, SUCCESS, $MemberType, $MemberDomain, $MemberName"
 } catch {
 Write-Verbose "failed to query details of a member. Details $_"
 Add-Content -Path $OutputFile -Value "$Computer,,FailedQueryMember"
 }
 
 }
 }
 
 }
 
}
End {}
CuriousMAUserAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
footechConnect With a Mentor Commented:
The ADSI syntax is necessary to lookup local account information.  It can also be used to lookup Active Directory info (if you don't have the AD cmdlets whose syntax is much simpler but performance is about 5 times worse).
The "^Winnt\:\/\/(?<domainName>\S+)\/(?<CompName>\S+)\/" string is regular expression used with the -match operator.

Working with ADSI is a pain.  I don't think the script is overly complex.  It includes error handling which can easily double or triple the amount lines of code.
0
 
CuriousMAUserAuthor Commented:
Thank you for the quick response. Currently, I also reference the book titled 'PowerShell In Depth' isbn 9781617292187. Thank you, again.
0
All Courses

From novice to tech pro — start learning today.