Monitoring local group members doesn't always have to be difficult, as this PowerShell script shows.
- By Jeffery Hicks
Based on the forum messages I see, it appears that keeping tabs on local group membership is a never-ending task. Mr. Roboto has offered a variety of solutions in the past, but I think there's room for at least one more. This month, I have a Windows PowerShell script that creates a graphical interface, which allows you to peek at the members of a group on a local desktop or member server.
Download the script, which is called Display-LocalGroupMember.ps1, from jdhitsolutions.com/scripts. I created the form elements with the freely available PrimalForms from Sapien Technologies. The form file is included in case you want to modify it. The .ZIP file also contains a .PNG file. Put the script and graphic in the same folder. There's nothing special about the graphic other than the fact that it adds a little color. You may want to substitute a graphic of your own, such as a company logo. Keep any new graphic the same dimensions to avoid having to redesign the form.
Running the Script
To run the script, you must have administrator privileges on any remote computer you plan on querying. The script uses Active Directory Service Interfaces (ADSI), so you'll need remote procedure call (RPC) connectivity between your computer and remote computers. Open a PowerShell prompt and enter the full script name:
PS C:\> c:\scripts\display-local
A Windows form will be displayed and your PowerShell session will be blocked until you close the form, thus ending the script.
The interface is simple and intuitive. Enter a computer name, click a button to retrieve local groups, select a local group from the drop-down list and see the group members. The form defaults to the local computer. To see how it works, select Administrators from the drop-down list. Group members will be retrieved and displayed in the data grid. You can resize the columns and form, but unfortunately the data grid view control doesn't support sorting by clicking a column heading. Let me explain what you'll see.
The Name property is self-explanatory. The ADSPath is a path to the member object. If you see the computer name in the path, it's most likely a local account. Otherwise you should see your domain name in the path, indicating a domain account. There are also columns to display the domain name and whether or not the account is local. The last property you'll see is the object class, indicating whether the member is a user or another group.
To check another computer, enter a computer name and click the Get Groups button. If a machine can't be reached, a message will be displayed in the status bar. If a group has no members, that, too, will be displayed in the status bar.
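For readers who want the same columns at the console, where they can be filtered, sorted or exported, here is an added example. It is not the code inside Display-LocalGroupMember.ps1; it assumes PowerShell 3.0 or later, and the function name Get-LocalGroupMemberInfo is hypothetical. It reads a group through the ADSI WinNT provider and applies the "computer name in the path" rule described above.

```powershell
# Added example: console view of the columns the form shows.
# Assumes PowerShell 3.0 or later; Get-LocalGroupMemberInfo is a hypothetical name.
function Get-LocalGroupMemberInfo {
    param(
        [string]$ComputerName = $env:COMPUTERNAME,
        [string]$GroupName = 'Administrators'
    )

    # "." and "localhost" never appear in an ADsPath, so resolve them first.
    if ($ComputerName -in '.', 'localhost') { $ComputerName = $env:COMPUTERNAME }

    try {
        # Bind to the group through the ADSI WinNT provider (needs RPC and admin rights).
        $group   = [ADSI]"WinNT://$ComputerName/$GroupName,group"
        $members = @($group.psbase.Invoke('Members'))
    }
    catch {
        Write-Warning "Could not read '$GroupName' on ${ComputerName}: $($_.Exception.Message)"
        return
    }

    foreach ($member in $members) {
        # Members come back as COM objects; read each property by late binding.
        $type  = $member.GetType()
        $name  = $type.InvokeMember('Name',    'GetProperty', $null, $member, $null)
        $path  = $type.InvokeMember('ADsPath', 'GetProperty', $null, $member, $null)
        $class = $type.InvokeMember('Class',   'GetProperty', $null, $member, $null)

        # Segments after "WinNT://" are [domain/][computer/]name; drop the name itself.
        $parts  = @(($path -replace '^WinNT://', '') -split '/')
        $parent = @()
        if ($parts.Count -gt 1) { $parent = @($parts[0..($parts.Count - 2)]) }

        [pscustomobject]@{
            Name     = $name
            ADSPath  = $path
            Domain   = $parent | Select-Object -First 1   # $null for unresolved SIDs
            # Heuristic from the article: computer name in the path means local.
            IsLocal  = $parent -contains $ComputerName
            Class    = $class
            Computer = $ComputerName
        }
    }
}

# Domain accounts and nested groups in the local Administrators group of this machine:
Get-LocalGroupMemberInfo | Where-Object { -not $_.IsLocal } | Format-Table -AutoSize
```

Because the function emits objects rather than filling a grid, the output can be piped to Sort-Object or Export-Csv to keep a record of who held membership on a given day.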
Using the Script
The script is intended to give you a quick check into local group membership. It's not a complete management tool, although you could certainly build one using my script as a starting point. The form has no printing or exporting functionality, though I might add that in at some point.
The script will run on PowerShell 1.0 or PowerShell 2.0 Community Technology Preview 3. I've been able to successfully query just about all remote operating systems with the exception of the Windows 7 beta. The script runs fine locally on Windows 7, and I can query remote machines from Windows 7, but remotely querying a Windows 7 box fails. I'm going to let it be for now because we're still talking about a beta operating system.
As with most Mr. Roboto tools, there are plenty of areas for improvement and enhancement. If you make any, I hope you'll share your changes with the PowerShell community. If you need assistance, please join me in the forums at ScriptingAnswers.com.
Jeffery Hicks is a multi-year Microsoft MVP in Windows PowerShell, Microsoft Certified Professional and an IT veteran with almost 25 years of experience, much of it spent as an IT infrastructure consultant specializing in Microsoft server technologies with an emphasis in automation and efficiency. He works today as an independent author, trainer and consultant.