PowerShell: get account status via a WMI query
I am going to use WMI to query Administrators group membership on servers. My question: I also want to get the account status through the WMI query. By the way, groups such as Domain Admins do not need to have a status. My desired output:
"UserName","Fullname","Machinename","DomainName","Account Status"
"localuser","MACHINE\localuser","MACHINE","MACHINE","OK"
"Domain Admins","CONTOSO\Domain Admins","MACHINE","CONTOSO"
"domain_user_01","CONTOSO\domain_user_01","MACHINE","CONTOSO","Degraded"
Script:
function get-localadministrators {
    param ([string]$computername = $env:computername)

    $computername = $computername.toupper()
    $objreport = @() # collects one object per group member
    # PartComponent holds the WMI path of each member of the local Administrators group
    $ADMINS = get-wmiobject -computername $computername -query "select * from win32_groupuser where GroupComponent=""Win32_Group.Domain='$computername',Name='administrators'""" | % {$_.partcomponent}

    foreach ($ADMIN in $ADMINS) {
        $admin = $admin.replace("\\$computername\root\cimv2:Win32_UserAccount.Domain=","") # trims the results for a user
        $admin = $admin.replace("\\$computername\root\cimv2:Win32_Group.Domain=","") # trims the results for a group
        $admin = $admin.replace('",Name="',"\")
        $admin = $admin.REPLACE("""","") # strips the last "

        $objOutput = New-Object PSObject -Property @{
            Machinename = $computername
            Fullname    = ($admin)
            DomainName  = $admin.split("\")[0]
            UserName    = $admin.split("\")[1]
        } # end object

        $objreport += @($objoutput)
    } # end for

    return $objreport
} # end function
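Continuing from my comment.
You can use WMI or ADSI to do this, but PowerShell v5 and later already have cmdlets for this use case.
Everything below uses the original property names from the classes. Of course, if you need different names, you can use a hash table, PSCustomObject, or calculated properties to get them.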
Get-Command -Module '*local*' |
Format-Table -AutoSize
# Results
<#
CommandType Name Version Source
----------- ---- ------- ------
Cmdlet Add-LocalGroupMember 1.0.0.0 Microsoft.PowerShell.LocalAccounts
Cmdlet Disable-LocalUser 1.0.0.0 Microsoft.PowerShell.LocalAccounts
Cmdlet Enable-LocalUser 1.0.0.0 Microsoft.PowerShell.LocalAccounts
Cmdlet Get-LocalGroup 1.0.0.0 Microsoft.PowerShell.LocalAccounts
Cmdlet Get-LocalGroupMember 1.0.0.0 Microsoft.PowerShell.LocalAccounts
Cmdlet Get-LocalUser 1.0.0.0 Microsoft.PowerShell.LocalAccounts
Cmdlet New-LocalGroup 1.0.0.0 Microsoft.PowerShell.LocalAccounts
Cmdlet New-LocalUser 1.0.0.0 Microsoft.PowerShell.LocalAccounts
Cmdlet Remove-LocalGroup 1.0.0.0 Microsoft.PowerShell.LocalAccounts
Cmdlet Remove-LocalGroupMember 1.0.0.0 Microsoft.PowerShell.LocalAccounts
Cmdlet Remove-LocalUser 1.0.0.0 Microsoft.PowerShell.LocalAccounts
Cmdlet Rename-LocalGroup 1.0.0.0 Microsoft.PowerShell.LocalAccounts
Cmdlet Rename-LocalUser 1.0.0.0 Microsoft.PowerShell.LocalAccounts
Cmdlet Set-LocalGroup 1.0.0.0 Microsoft.PowerShell.LocalAccounts
Cmdlet Set-LocalUser 1.0.0.0 Microsoft.PowerShell.LocalAccounts
#>
If you are on a PSVersion that does not have this by default, you can get it here:
Find-Module -Name '*local*' |
Format-Table -AutoSize
# Results
<#
Version Name Repository Description
------- ---- ---------- -----------
...
1.6 localaccount PSGallery A Simple module to allow the management of local users and groups on a computer
1.0.0.0 Microsoft.PowerShell.LocalAccounts PSGallery Provides cmdlets to work with local users and local groups
3.0 LocalUserManagement PSGallery a module that performs various local user management functions
1.3 LocalMachine PSGallery Simple management functions for accounts and settings on a local machine.
0.1.1 LocalAccountManagement PSGallery Manage local and remote user accounts and profiles
...
1.0.1 cLocalGroup PSGallery The cLocalGroup module contains the cLocalGroup DSC resource that provides a mecha...
2.1.0 ECS.LocalGPO PSGallery This Windows PowerShell module contains functions used for working with Windows lo...
...
#>
If you are stuck with WMI, then
discover what you have to work with, and any related class relationships.
# Group Detail
Clear-Host
((Get-WmiObject -Class Win32_Group) -match 'Administrators')[0] |
Select-Object -Property '*'
<#
PSComputerName : 570A5E12-BA93-4
Status : OK
Name : Administrators
__GENUS : 2
__CLASS : Win32_Group
__SUPERCLASS : Win32_Account
__DYNASTY : CIM_ManagedSystemElement
__RELPATH : Win32_Group.Domain="570A5E12-BA93-4",Name="Administrators"
__PROPERTY_COUNT : 9
__DERIVATION : {Win32_Account, CIM_LogicalElement, CIM_ManagedSystemElement}
__SERVER : 570A5E12-BA93-4
__NAMESPACE : root\cimv2
__PATH : \\570A5E12-BA93-4\root\cimv2:Win32_Group.Domain="570A5E12-BA93-4",Name="Administrators"
Caption : 570A5E12-BA93-4\Administrators
Description : Administrators have complete and unrestricted access to the computer/domain
Domain : 570A5E12-BA93-4
InstallDate :
LocalAccount : True
SID : S-1-5-32-544
SIDType : 4
...
#>
Get-WmiObject -Class Win32_Group |
Select-Object -Property Name, SIDType
# Results
<#
Name SIDType
---- -------
...
Administrators 4
...
Guests 4
...
Users 4
#>
# User Detail
Clear-Host
(Get-WmiObject -Class Win32_Account)[0] |
Select-Object -Property '*'
<#
PSComputerName : 570A5E12-BA93-4
Status : Degraded
Caption : 570A5E12-BA93-4\Administrator
PasswordExpires : False
__GENUS : 2
__CLASS : Win32_UserAccount
__SUPERCLASS : Win32_Account
__DYNASTY : CIM_ManagedSystemElement
__RELPATH : Win32_UserAccount.Domain="570A5E12-BA93-4",Name="Administrator"
__PROPERTY_COUNT : 16
__DERIVATION : {Win32_Account, CIM_LogicalElement, CIM_ManagedSystemElement}
__SERVER : 570A5E12-BA93-4
__NAMESPACE : root\cimv2
__PATH : \\570A5E12-BA93-4\root\cimv2:Win32_UserAccount.Domain="570A5E12-BA93-4",Name="Administrator"
AccountType : 512
Description : Built-in account for administering the computer/domain
Disabled : True
Domain : 570A5E12-BA93-4
FullName :
InstallDate :
LocalAccount : True
Lockout : False
Name : Administrator
PasswordChangeable : True
PasswordRequired : True
SID : S-1-5-21-2047949552-857980807-821054962-500
SIDType : 1
...
#>
Get-WmiObject -Class Win32_Account |
Select-Object -Property Name, SIDType
# Results
<#
Name SIDType
---- -------
Administrator 1
DefaultAccount 1
Guest 1
WDAGUtilityAccount 1
Everyone 5
...
BUILTIN 3
...
Administrators 4
...
Guests 4
...
Users 4
#>
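The following gets all users and the groups they belong to by selecting the users first, which is what you show in your post, but that is really short-circuit logic, since your query is only after Administrators. So, this
Select only what you need. Note the focus on the SIDType code as the filter.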
Clear-Host
Get-WmiObject -Class Win32_Account |
    Where-Object -Property SIDType -eq 1 |
    Select-Object -Property PSComputerName, Name, Status,
        @{
            Name       = 'Groups'
            Expression = {($PSItem).GetRelated('Win32_Group').Name}
        } |
    Format-Table -AutoSize
# Results
<#
PSComputerName Name Status Groups
-------------- ---- ------ ------
570A5E12-BA93-4 Administrator Degraded Administrators
570A5E12-BA93-4 DefaultAccount Degraded System Managed Accounts Group
570A5E12-BA93-4 Guest Degraded Guests
570A5E12-BA93-4 WDAGUtilityAccount OK {Administrators, Remote Desktop Users}
#>
Of course, you can strip the braces with a regex if you like. Finally, remove the Where-Object line and the SIDType filter, and you get everything.
Clear-Host
Get-WmiObject -Class Win32_Account |
    Select-Object -Property PSComputerName, Name, Status,
        @{
            Name       = 'Groups'
            Expression = {($PSItem).GetRelated('Win32_Group').Name}
        } |
    Format-Table -AutoSize
# Results
<#
PSComputerName Name Status Groups
-------------- ---- ------ ------
570A5E12-BA93-4 Administrator Degraded Administrators
570A5E12-BA93-4 DefaultAccount Degraded System Managed Accounts Group
570A5E12-BA93-4 Guest Degraded Guests
570A5E12-BA93-4 WDAGUtilityAccount OK {Administrators, Remote Desktop Users}
570A5E12-BA93-4 Everyone OK
...
570A5E12-BA93-4 NETWORK OK
570A5E12-BA93-4 BATCH OK
570A5E12-BA93-4 INTERACTIVE OK Users
...
570A5E12-BA93-4 SELF OK
570A5E12-BA93-4 Authenticated Users OK Users
570A5E12-BA93-4 RESTRICTED OK
...
570A5E12-BA93-4 IUSR OK IIS_IUSRS
...
#>
Reversing the request: select only what you need, not what you don't.
Clear-Host
Get-WmiObject -Class Win32_Group |
    Select-Object -Property PSComputerName, Name, Status,
        @{
            Name       = 'GroupMembers'
            Expression = {
                (
                    Get-WmiObject -Class win32_group |
                        Where Name -eq $PSItem.Name
                ).GetRelated('Win32_UserAccount').Name
            }
        } |
    Format-Table -AutoSize
# Results
<#
PSComputerName Name Status GroupMembers
-------------- ---- ------ ------------
570A5E12-BA93-4 Access Control Assistance Operators OK
570A5E12-BA93-4 Administrators OK {Administrator, WDAGUtilityAccount}
570A5E12-BA93-4 Backup Operators OK
570A5E12-BA93-4 Cryptographic Operators OK
570A5E12-BA93-4 Device Owners OK
570A5E12-BA93-4 Distributed COM Users OK
570A5E12-BA93-4 Event Log Readers OK
570A5E12-BA93-4 Guests OK Guest
570A5E12-BA93-4 Hyper-V Administrators OK
570A5E12-BA93-4 IIS_IUSRS OK
570A5E12-BA93-4 Network Configuration Operators OK
570A5E12-BA93-4 Performance Log Users OK
570A5E12-BA93-4 Performance Monitor Users OK
570A5E12-BA93-4 Power Users OK
570A5E12-BA93-4 Remote Desktop Users OK WDAGUtilityAccount
570A5E12-BA93-4 Remote Management Users OK
570A5E12-BA93-4 Replicator OK
570A5E12-BA93-4 System Managed Accounts Group OK DefaultAccount
570A5E12-BA93-4 Users OK
#>
If PSRemoting (domain or workgroup mode) is set up correctly, then hit the remote system directly.
# Target a remote computer
Clear-Host
Import-Csv -Path 'D:\Temp\ComputerList.csv' |
    ForEach-Object {
        Get-WmiObject -Class Win32_Account -ComputerName $PSitem.Name -Credential (Get-Credential -Credential WDAGUtilityAccount) |
            Where-Object -Property SIDType -eq 1 |
            Select-Object -Property PSComputerName, Name, Status,
                @{
                    Name       = 'Groups'
                    Expression = {($PSItem).GetRelated('Win32_Group').Name}
                }
    } |
    Format-Table -AutoSize
# Results
<#
PSComputerName Name Status Groups
-------------- ---- ------ ------
570A5E12-BA93-4 Administrator Degraded Administrators
570A5E12-BA93-4 DefaultAccount Degraded System Managed Accounts Group
570A5E12-BA93-4 Guest Degraded Guests
570A5E12-BA93-4 TestUser OK Users
570A5E12-BA93-4 WDAGUtilityAccount OK {Administrators, Remote Desktop Users}
#>
As for your specific case:
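# Only the Administrators group
Clear-Host
Get-WmiObject -Class Win32_Account |
    Where-Object -Property SIDType -eq 1 |
    Select-Object -Property PSComputerName, Caption, Name, Domain, Status,
        @{
            Name       = 'Groups'
            Expression = {($PSItem).GetRelated('Win32_Group').Name}
        } |
    Where-Object -Property Groups -EQ 'Administrators' |
    Format-Table -AutoSize

Clear-Host
Get-WmiObject -Class Win32_Group |
    Select-Object -Property PSComputerName, Caption, Name, Domain, Status,
        @{
            Name       = 'GroupMembers'
            Expression = {
                (
                    Get-WmiObject -Class win32_group |
                        Where Name -eq $PSItem.Name
                ).GetRelated('Win32_UserAccount').Name
            }
        } |
    Format-Table -AutoSize

# Only the Administrators group
Clear-Host
Get-WmiObject -Class Win32_Group |
    Where-Object -Property Name -eq 'Administrators' |
    Select-Object -Property PSComputerName, Caption, Name, Domain, Status,
        @{
            Name       = 'GroupMembers'
            Expression = {
                (
                    Get-WmiObject -Class win32_group |
                        Where Name -eq $PSItem.Name
                ).GetRelated('Win32_UserAccount').Name
            }
        } |
    Format-Table -AutoSize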
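Update based on your comment.
As for this:
"Can I write it with the DirectoryServices .NET classes instead of WMI?"
Of course you can, as detailed here
... but using that will not return the output you listed.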
Add-Type -AssemblyName System.DirectoryServices.AccountManagement
$ctype = [System.DirectoryServices.AccountManagement.ContextType]::Machine
$context = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext -ArgumentList $ctype, $env:COMPUTERNAME
$idtype = [System.DirectoryServices.AccountManagement.IdentityType]::SamAccountName
$group = [System.DirectoryServices.AccountManagement.GroupPrincipal]::FindByIdentity($context, $idtype, 'Administrators')
$group.Members |
Select-Object -Property '*' -First 1
# Results
<#
GivenName :
MiddleName :
Surname :
EmailAddress :
VoiceTelephoneNumber :
EmployeeId :
AdvancedSearchFilter : System.DirectoryServices.AccountManagement.AdvancedFilters
Enabled : False
AccountLockoutTime :
LastLogon :
PermittedWorkstations : {}
PermittedLogonTimes : {255, 255, 255, 255...}
AccountExpirationDate :
SmartcardLogonRequired : False
DelegationPermitted : True
BadLogonCount : 0
HomeDirectory :
HomeDrive :
ScriptPath :
LastPasswordSet : 3/28/2021 10:20:29 AM
LastBadPasswordAttempt :
PasswordNotRequired : False
PasswordNeverExpires : True
UserCannotChangePassword : False
AllowReversiblePasswordEncryption : False
Certificates : {}
Context : System.DirectoryServices.AccountManagement.PrincipalContext
ContextType : Machine
Description : Built-in account for administering the computer/domain
DisplayName :
SamAccountName : Administrator
UserPrincipalName :
Sid : S-1-5-21-2047949552-857980807-821054962-500
Guid :
DistinguishedName :
StructuralObjectClass :
Name : Administrator
#>
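Added example, not part of the original question or answer: one way to produce the CSV requested in the question with the CIM cmdlets, locating the local Administrators group by the SID S-1-5-32-544 shown in the output above and leaving the status empty for members that are groups. The function name Get-LocalAdminStatus and the extra Disabled and Lockout columns are assumptions chosen for illustration.

```powershell
function Get-LocalAdminStatus {
    # Hypothetical helper, not code from the original post.
    [CmdletBinding()]
    param (
        [string]$ComputerName = $env:COMPUTERNAME
    )

    # Local DCOM session for this machine; WSMan (WinRM) session for a remote one.
    $session = if ($ComputerName -eq $env:COMPUTERNAME) {
        New-CimSession
    } else {
        New-CimSession -ComputerName $ComputerName
    }

    try {
        # Match the built-in Administrators group by SID instead of by name,
        # so a localized or renamed group is still found.
        $group = Get-CimInstance -CimSession $session -ClassName Win32_Group `
            -Filter "LocalAccount=True AND SID='S-1-5-32-544'"

        # Win32_GroupUser associates the group with its members (users and groups).
        Get-CimAssociatedInstance -CimSession $session -InputObject $group `
            -Association Win32_GroupUser |
            ForEach-Object {
                $isUser = $_.CimSystemProperties.ClassName -eq 'Win32_UserAccount'
                [pscustomobject]@{
                    UserName         = $_.Name
                    Fullname         = $_.Caption
                    Machinename      = $ComputerName.ToUpper()
                    DomainName       = $_.Domain
                    # Status is reported for user accounts only; member groups
                    # such as Domain Admins get an empty field.
                    'Account Status' = if ($isUser) { $_.Status } else { $null }
                    # Disabled and Lockout exist only on Win32_UserAccount.
                    Disabled         = if ($isUser) { $_.Disabled } else { $null }
                    Lockout          = if ($isUser) { $_.Lockout } else { $null }
                }
            }
    }
    finally {
        Remove-CimSession -CimSession $session
    }
}

Get-LocalAdminStatus | ConvertTo-Csv -NoTypeInformation
```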