Mr. Roboto

Group Therapy

Monitoring local group members doesn't always have to be difficult, as this PowerShell script shows.

Based on the forum messages I see, it appears that keeping tabs on local group membership is a never-ending task. Mr. Roboto has offered a variety of solutions in the past, but I think there's room for at least one more. This month, I have a Windows PowerShell script that creates a graphical interface, which allows you to peek at the members of a group on a local desktop or member server.

Download the script, which is called Display-LocalGroupMember.ps1, from I created the form elements from the freely available PrimalForms from Sapien Technologies. The form file is included in case you want to modify it. The .ZIP file will also contain a .PNG file. Put the script and graphic in the same folder. There's nothing special about the graphic other than the fact that it adds a little color. You may want to substitute a graphic of your own, such as a company logo. Keep any new graphics the same dimension to avoid having to redesign the form.

Running the Script
To run the script, you must have administrator privileges on any remote computer you plan on querying. The script uses Active Directory Services Interfaces (ADSI), so you'll need remote procedure call (RPC) connectivity between your computer and remote computers. Open a PowerShell prompt and enter the full script name:

PS C:\ c:\scripts\display-local 

A Windows form will be displayed and your PowerShell session will be blocked until you close the form, thus ending the script.

The interface is simple and intuitive. Enter a computer name, click a button to retrieve local groups, select a local group from the drop-down list and see the group members. The form defaults to the local computer. To see how it works, select Administrators from the drop-down list. Group members will be retrieved and displayed in the data grid. You can resize the columns and form, but unfortunately the data grid view control doesn't support sorting by clicking a column heading. Let me explain what you'll see.

The Name property is self-explanatory. The ADSPath is a path to the member object. If you see the computer name in the path, it's most likely a local account. Otherwise you should see your domain name in the path, indicating a domain account. There are also columns to display the domain name and whether or not the account is local. The last property you'll see is the object class, indicating whether the member is a user or another group.

To check another computer, enter a computer name and click the Get Groups button. If a machine can't be reached, a message will be displayed in the status bar. If a group has no members, that, too, will be displayed in the status bar.

Using the Script
The script is intended to give you a quick check into local group membership. It's not a complete management tool, although you could certainly build one using my script as a starting point. The form has no printing or exporting functionality, though I might add that in at some point.

The script will run on PowerShell 1.0 or PowerShell 2.0 community technology preview 3. I've been able to successfully query just about all remote operating systems with the exception of the Windows 7 beta. The script runs fine locally on Windows 7, and I can query remote machines from Windows 7, but remotely querying a Windows 7 box fails. I'm going to let it be for now because we're still talking about a beta operating system.

As with most Mr. Roboto tools, there are plenty of areas for improvement and enhancement. If you make any, I hope you'll share your changes with the PowerShell community. If you need assistance, please join me in the forums at

About the Author

Jeffery Hicks is an IT veteran with over 25 years of experience, much of it spent as an IT infrastructure consultant specializing in Microsoft server technologies with an emphasis in automation and efficiency. He is a multi-year recipient of the Microsoft MVP Award in Windows PowerShell. He works today as an independent author, trainer and consultant. Jeff has written for numerous online sites and print publications, is a contributing editor at, and a frequent speaker at technology conferences and user groups.


  • Microsoft Starting To Roll Out New Excel Connected Data Types

    Microsoft on Thursday announced some Excel and Power BI enhancements that add "connected data types" on top of the standard strings and numbers options.

  • Windows 10 Users Getting New Process for Finding Optional Driver Updates

    Accessing Windows 10 drivers classified as "optional updates" will be more of a manual seek-and-install type of experience, starting on Nov. 5, 2020, Microsoft explained in a Wednesday announcement.

  • Microsoft Changes Privacy Platform Name to SmartNoise

    Microsoft Research has changed the name of its "differential privacy" platform from "WhiteNoise" to "SmartNoise," according to a Wednesday announcement.

  • Why Restarting a Failed SCVMM Job Might Be a Bad Idea

    Occasionally, restarting a failed System Center Virtual Machine Manager job can leave your virtualization infrastructure in an unknown state. Here's how to avoid that.

comments powered by Disqus