How to Get Local User Accounts from Domain Computers

Local user accounts on domain computers always pose security risks. But as a domain admin, before you disable or delete these accounts, you need to analyze them first. For that, you will need to get the list of all local user accounts from domain computers. Then, you can analyze the risk factors of each account.

Depending upon the requirement, some accounts may be useful while others may not. And you can then finalize a policy for useless accounts. So, in this tutorial, we are going to show you how you can fetch a list of all local user accounts from domain computers using the PowerShell script.

WARNING: Working with the PowerShell scripts requires extra care. We suggest you take supervision from your Senior IT Administrator if you are not sure about the working of the PowerShell scripts.

Fetch Local User Accounts from Domain Computers using PowerShell Script

We have divided this tutorial into parts. So that you can understand the workings of the script easily. In the first part, we will explain the functionality of the PowerShell script. And in later parts, we will show you how to make it work. So, let’s get started with preparing the script.

A) Getting the Script Ready

The PowerShell script we are going to use in this tutorial uses gwmi or Get-WmiObject commands to fetch local user account details from remote computers.

The first part of the script starts with fetching all computer accounts in the domain. And, we use $computers variable to store the names of all computer objects in the domain.

$Computers = (Get-ADComputer -Filter * -Properties * | Where {$_.Enabled -eq $True -and $_.Description -notlike "Fail*"}).Name

Next, we are going to loop through all the computers one by one using the ForEach loop to get all local user accounts from each computer. And, will store all local user accounts in the $AllLocalAccounts variable. Here is the code snippet.

$AllLocalAccounts = Get-WmiObject -Class Win32_UserAccount -Namespace "root\cimv2" -Filter "LocalAccount='$True'" -ComputerName $Computer

Now, we again loop through each local user account found on a computer to get its details. Then, store these details in variables which are finally added to the $Report variable.

Foreach($LocalAccount in $AllLocalAccounts) {
 $Properties = [ordered]@{
  'Computer'        = $Computer
  'ComputerStatus'  = "Online"
  'UserName'        = $LocalAccount.Name
  'Disabled'        = $LocalAccount.Disabled
  'LockedOut'       = $LocalAccount.LockOut
  'PwdChangeable'   = $LocalAccount.PasswordChangeable
  'PwdExpires'      = $LocalAccount.PasswordExpires
  'PwdRequired'     = $LocalAccount.PasswordRequired
  'Description'     = $LocalAccount.Description
 }
 $Report += New-Object -TypeName PSObject -Property $Properties
}

Finally, the report is exported in CSV format. You can change the report saving location and name of the report by changing -path attribute.

$DateTime = (Get-Date).ToString('dd-MMM-yyyy_hh-mm-ss')
$Report | Export-Csv -Path .\LocalAcReport-$DateTime.Csv -NoTypeInformation

SEE ALSO: How to Reset Passwords of Users from Multiple Domains using PowerShell Script?

B) PowerShell Script for Fetching Local User Accounts from Domain Computers

Hope you get the idea behind the script. So, here is the full script that you can use to get the list of all local user accounts from domain computers. This script requires PowerShell version 2 or higher. So, you can run it on Windows Server 2008 R2, 2012, 2012 R2, 2016 and 2019.

#################################################################
# This Script gets computers in domain and fetches the list of  #
# local accounts on them. Then prepares the report in csv format#
# Author: HELLPC Tutorials (windospc.com)                     #
# Created: 06-Jan-2021                                          #
# Modified: 06-Jan-2021                                         #
#################################################################
# Import required Modules
Import-Module ActiveDirectory

# Setting Error Action Preference to stop on error.
$ErrorActionPreference = 'SilentlyContinue'

# Create blank report variable
$Report = @()

# Get the list of all computers in domain
$Computers = (Get-ADComputer -Filter * -Properties * | Where {$_.Enabled -eq $True -and $_.Description -notlike "Fail*"}).Name
$CompCount = $Computers.Count
$i = 0

# Looping through all domain computers
Foreach($Computer in $Computers) {
 $i++
 Write-Progress -Activity "Getting local accounts" -Status "In progress…" -PercentComplete ($i/$CompCount*100)
 Write-Output "Getting local accounts from computer: $Computer"

 Try {
  # Get the list of all local accounts in selected computer   
  $AllLocalAccounts = Get-WmiObject -Class Win32_UserAccount -Namespace "root\cimv2" -Filter "LocalAccount='$True'" -ComputerName $Computer
  # Get the details of each local account
  Foreach($LocalAccount in $AllLocalAccounts) {
   $Properties = [ordered]@{
    'Computer'        = $Computer
    'ComputerStatus'  = "Online"
    'UserName'        = $LocalAccount.Name
    'Disabled'        = $LocalAccount.Disabled
    'LockedOut'       = $LocalAccount.LockOut
    'PwdChangeable'   = $LocalAccount.PasswordChangeable
    'PwdExpires'      = $LocalAccount.PasswordExpires
    'PwdRequired'     = $LocalAccount.PasswordRequired
    'Description'     = $LocalAccount.Description
   }
   $Report += New-Object -TypeName PSObject -Property $Properties
  }
 }
 Catch {
  $ErrorMsg = $Error.Exception.Message | Select -First 1
  $Properties = [ordered]@{
   'Computer'        = $Computer
   'ComputerStatus'  = "NotReachable"
   'UserName'        = ""
   'Disabled'        = ""
   'LockedOut'       = ""
   'PwdChangeable'   = ""
   'PwdExpires'      = ""
   'PwdRequired'     = ""
   'Description'     = $ErrorMsg
  }
  $Report += New-Object -TypeName PSObject -Property $Properties
 }
}

DISCLAIMER: This script is provided without any warranty on an “AS IS” basis. Make sure to run the script in the LAB environment before trying it in the Production environment. We take no responsibility for any kind of damage caused by running the script.


C) Saving the PowerShell Script (.ps1) File

  • Copy and paste the above script code to Notepad.
Copy And Paste Script Into Notepad
Copy and Paste the Script into Notepad
  • Save the script as the .ps1 file. .ps1 is the file extension for PowerShell script files. Make sure you select All Files (*.*) in “Save as type:” dropdown below the textbox for File name:. In this tutorial, we have saved the script as Get-LocalAccounts.ps1.
Save Script File As Ps1 File In A Folder On Desktop
Save the Script in a folder on the Desktop
  • Now you have the script ready to run. You can run this script in PowerShell to fetch all local user accounts from domain computers.
Get local accounts from domain computers: Script Saved As Ps1 File On Computer
Get-LocalAccounts.ps1 script saved on Computer

SEE ALSO: How to Fix Windows Update Issues using PowerShell Script?

D) Running the Script to Get Local User Accounts from Domain Computers

Now, that our script is ready, we can run it in PowerShell to get the desired results. This script uses the Active Directory module. So, you need to run the script on a domain controller. However, you can also run this script from the client-PC but you need to install RSAT tools first. Please note that you need to have Domain Admin rights to run this script.

  • First of all, go to the folder where the script is saved. Then, click on the File menu, hover over Open Windows PowerShell, and select Open Windows PowerShell as administrator to open PowerShell in the current folder.
Open Powershell As Administrator In The Same Folder
Open PowerShell as Administrator in the same Folder
Click On Yes When Uac Prompt Appears
Click on Yes
  • You will see the PowerShell window open with the “Administrator: Windows PowerShell” title.
Powershell Opened As Administrator
PowerShell Opened As Administrator
  • Enter the name of the script in the PowerShell prompt. You can use the TAB key to autocomplete the script name after typing a few characters of its name. After entering the script name, press Enter to run the script.
Getting Local Accounts from domian computers: Progress Script Running
Running the script

E) Local User Account Report in CSV Format

After running, the script will fetch local user accounts. The output CSV file will be saved in the same folder from where you are running the script.

Get local user accounts from domain computers: Script Output Saved As Csv File In The Same Folder
Script Output Saved as the CSV File

You can now open this CSV file in MS Excel to see the details. In the report, you can see the details of all local user accounts. If any of the computers were not reachable, you will see an error message in the description column.

Local Account Report
Local User Accounts Report

SEE ALSO: How to Create Bulk Users in Active Directory using PowerShell Script?

Fetch Local User Accounts from Domain Computers using PowerShell Script

The above tutorial explained, how you can get a local accounts report from domain computers using the PowerShell script. The script uses the Active Directory module. So, you need to run this script on the AD server (domain controller). If you are running the script from your local client computer, make sure to install RSAT tools first.

Hope this tutorial helps you solve your local accounts-related problems. Feel free to comment down below if you face any issues while running the script. You can also subscribe to our newsletter to get such tutorials directly into your inbox. You can find the subscription box down below.

Editorial Staff

Hi there, we are the editorial staff at WINDOSPC (former HELLPC). We are a team of funny and technical people. Feel free to get in touch with us via Contact-Us page.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.