How to Get Local User Accounts from Domain Computers
Local user accounts on domain computers always pose security risks. But as a domain admin, before you disable or delete these accounts, you need to analyze them first. For that, you will need to get the list of all local user accounts from domain computers. Then, you can analyze the risk factors of each account.
Depending upon the requirement, some accounts may be useful while others may not, and you can then finalize a policy for the useless accounts. So, in this tutorial, we are going to show you how to fetch a list of all local user accounts from domain computers using a PowerShell script.
WARNING: Working with the PowerShell scripts requires extra care. We suggest you take supervision from your Senior IT Administrator if you are not sure about the working of the PowerShell scripts.
Fetch Local User Accounts from Domain Computers using PowerShell Script
We have divided this tutorial into parts so that you can understand how the script works. In the first part, we explain what the PowerShell script does, and in later parts, we show you how to run it. So, let’s get started with preparing the script.
A) Getting the Script Ready
The PowerShell script we are going to use in this tutorial uses the Get-WmiObject command (alias gwmi) to fetch local user account details from remote computers.
The first part of the script fetches all enabled computer accounts in the domain. We use the $Computers variable to store the names of these computer objects.

    # Only the Description property is needed in addition to the default ones
    $Computers = @((Get-ADComputer -Filter * -Properties Description | Where {$_.Enabled -eq $True -and $_.Description -notlike "Fail*"}).Name)
Next, we loop through the computers one by one using a ForEach loop to get all local user accounts from each computer, and store them in the $AllLocalAccounts variable. Here is the code snippet.

    # Inside the loop, $Computer holds the name of the current computer
    $AllLocalAccounts = Get-WmiObject -Class Win32_UserAccount -Namespace "root\cimv2" -Filter "LocalAccount='$True'" -ComputerName $Computer
Now, we loop through each local user account found on a computer to get its details. These details are stored in a set of properties, which is finally added to the $Report variable.

    Foreach($LocalAccount in $AllLocalAccounts)
    {
        $Properties = [ordered]@{
            'Computer'       = $Computer
            'ComputerStatus' = "Online"
            'UserName'       = $LocalAccount.Name
            'Disabled'       = $LocalAccount.Disabled
            'LockedOut'      = $LocalAccount.LockOut
            'PwdChangeable'  = $LocalAccount.PasswordChangeable
            'PwdExpires'     = $LocalAccount.PasswordExpires
            'PwdRequired'    = $LocalAccount.PasswordRequired
            'Description'    = $LocalAccount.Description
        }
        # One report row per local account
        $Report += New-Object -TypeName PSObject -Property $Properties
    }
Finally, the report is exported in CSV format. You can change the location and name of the report by changing the value of the -Path parameter.

    $DateTime = (Get-Date).ToString('dd-MMM-yyyy_hh-mm-ss')
    $Report | Export-Csv -Path .\LocalAcReport-$DateTime.Csv -NoTypeInformation
B) PowerShell Script for Fetching Local User Accounts from Domain Computers
Hope you get the idea behind the script. So, here is the full script that you can use to get the list of all local user accounts from domain computers. This script requires PowerShell version 2 or higher. So, you can run it on Windows Server 2008 R2, 2012, 2012 R2, 2016 and 2019.
    #################################################################
    # This Script gets computers in domain and fetches the list of  #
    # local accounts on them. Then prepares the report in csv format#
    # Author: HELLPC Tutorials (windospc.com)                       #
    # Created: 06-Jan-2021                                          #
    # Modified: 06-Jan-2021                                         #
    #################################################################

    # Import required Modules
    Import-Module ActiveDirectory

    # Setting Error Action Preference to stop on error, so that a failed
    # WMI query (e.g. an unreachable computer) reaches the Catch block.
    $ErrorActionPreference = 'Stop'

    # Create blank report variable
    $Report = @()

    # Get the list of all enabled computers in domain (as an array, so .Count is always valid)
    $Computers = @((Get-ADComputer -Filter * -Properties Description | Where {$_.Enabled -eq $True -and $_.Description -notlike "Fail*"}).Name)
    $CompCount = $Computers.Count
    $i = 0

    # Looping through all domain computers
    Foreach($Computer in $Computers)
    {
        $i++
        Write-Progress -Activity "Getting local accounts" -Status "In progress…" -PercentComplete ($i/$CompCount*100)
        Write-Output "Getting local accounts from computer: $Computer"
        Try
        {
            # Get the list of all local accounts in selected computer
            $AllLocalAccounts = Get-WmiObject -Class Win32_UserAccount -Namespace "root\cimv2" -Filter "LocalAccount='$True'" -ComputerName $Computer

            # Get the details of each local account
            Foreach($LocalAccount in $AllLocalAccounts)
            {
                $Properties = [ordered]@{
                    'Computer'       = $Computer
                    'ComputerStatus' = "Online"
                    'UserName'       = $LocalAccount.Name
                    'Disabled'       = $LocalAccount.Disabled
                    'LockedOut'      = $LocalAccount.LockOut
                    'PwdChangeable'  = $LocalAccount.PasswordChangeable
                    'PwdExpires'     = $LocalAccount.PasswordExpires
                    'PwdRequired'    = $LocalAccount.PasswordRequired
                    'Description'    = $LocalAccount.Description
                }
                $Report += New-Object -TypeName PSObject -Property $Properties
            }
        }
        Catch
        {
            # Record the computer as not reachable, with the error text in the Description column
            $ErrorMsg = $_.Exception.Message
            $Properties = [ordered]@{
                'Computer'       = $Computer
                'ComputerStatus' = "NotReachable"
                'UserName'       = ""
                'Disabled'       = ""
                'LockedOut'      = ""
                'PwdChangeable'  = ""
                'PwdExpires'     = ""
                'PwdRequired'    = ""
                'Description'    = $ErrorMsg
            }
            $Report += New-Object -TypeName PSObject -Property $Properties
        }
    }

    # Export the report in CSV format to the current folder
    $DateTime = (Get-Date).ToString('dd-MMM-yyyy_hh-mm-ss')
    $Report | Export-Csv -Path .\LocalAcReport-$DateTime.Csv -NoTypeInformation
DISCLAIMER: This script is provided without any warranty on an “AS IS” basis. Make sure to run the script in the LAB environment before trying it in the Production environment. We take no responsibility for any kind of damage caused by running the script.
C) Saving the PowerShell Script (.ps1) File
- Copy and paste the above script code to Notepad.
- Save the script as a .ps1 file. .ps1 is the file extension for PowerShell script files. Make sure you select All Files (*.*) in the “Save as type:” dropdown below the File name: textbox. In this tutorial, we have saved the script as Get-LocalAccounts.ps1.
- Now you have the script ready to run. You can run this script in PowerShell to fetch all local user accounts from domain computers.
D) Running the Script to Get Local User Accounts from Domain Computers
Now that our script is ready, we can run it in PowerShell to get the desired results. This script uses the Active Directory module, so you need to run it on a domain controller. However, you can also run it from a client PC, but you need to install RSAT tools first. Please note that you need to have Domain Admin rights to run this script.
- First of all, go to the folder where the script is saved. Then, click on the File menu, hover over Open Windows PowerShell, and select Open Windows PowerShell as administrator to open PowerShell in the current folder.
- Click on Yes when the UAC prompt appears.
- You will see the PowerShell window open with the “Administrator: Windows PowerShell” title.
- Enter the name of the script in the PowerShell prompt. You can use the TAB key to autocomplete the script name after typing a few characters of its name. After entering the script name, press Enter to run the script.
E) Local User Account Report in CSV Format
After running, the script will fetch local user accounts. The output CSV file will be saved in the same folder from where you are running the script.
You can now open this CSV file in MS Excel to see the details. In the report, you can see the details of all local user accounts. If any of the computers were not reachable, you will see an error message in the description column.
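The first pass of that analysis can also be done in PowerShell instead of Excel. The following is an added example, not part of the original script: it reads the report and flags enabled local accounts that need no password, whose password never expires, or whose name is enabled on more than one computer. The function name Get-LocalAccountFinding and the sample rows are constructed for illustration; the column names are those of the report.

```powershell
# Added example: triage of the report produced by Get-LocalAccounts.ps1.
# The rows below are constructed sample data using the report's column names.
$SampleCsv = @'
"Computer","ComputerStatus","UserName","Disabled","LockedOut","PwdChangeable","PwdExpires","PwdRequired","Description"
"PC01","Online","Administrator","False","False","True","False","True","Built-in account"
"PC01","Online","Guest","True","False","False","False","False","Built-in guest"
"PC02","Online","Administrator","False","False","True","False","True","Built-in account"
"PC02","Online","svc_backup","False","False","True","False","False","Constructed sample"
"PC03","NotReachable","","","","","","","The RPC server is unavailable."
'@
# For a real report use: $Rows = Import-Csv -Path <path to the LocalAcReport CSV>
$Rows = $SampleCsv | ConvertFrom-Csv

# Hypothetical helper (not from the tutorial): returns one finding per risky account
function Get-LocalAccountFinding {
    param([Parameter(Mandatory = $true)] [object[]] $Report)

    # CSV fields are strings, so booleans must be compared as 'True' / 'False'
    $Enabled = @($Report | Where-Object { $_.ComputerStatus -eq 'Online' -and $_.Disabled -eq 'False' })

    # Account names that are enabled on more than one computer
    $Shared = @{}
    $Enabled | Group-Object UserName | Where-Object { $_.Count -gt 1 } |
        ForEach-Object { $Shared[$_.Name] = $_.Count }

    foreach ($Row in $Enabled) {
        $Flags = @()
        if ($Row.PwdRequired -eq 'False') { $Flags += 'NoPasswordRequired' }
        if ($Row.PwdExpires -eq 'False')  { $Flags += 'PasswordNeverExpires' }
        if ($Shared.ContainsKey($Row.UserName)) { $Flags += "EnabledOn$($Shared[$Row.UserName])Computers" }
        if ($Flags.Count -gt 0) {
            New-Object PSObject -Property @{
                Computer = $Row.Computer
                UserName = $Row.UserName
                Flags    = ($Flags -join ';')
            }
        }
    }
}

$Findings = Get-LocalAccountFinding -Report $Rows
$Findings | Sort-Object UserName, Computer | Format-Table Computer, UserName, Flags -AutoSize

# Computers the script could not reach were not inventoried and need a re-run
$Rows | Where-Object { $_.ComputerStatus -eq 'NotReachable' } | Format-Table Computer, Description -AutoSize
```

Disabled accounts are left out of the findings, and rows marked NotReachable are listed separately because those computers have no account data in the report.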
Fetch Local User Accounts from Domain Computers using PowerShell Script
The above tutorial explained how you can get a local accounts report from domain computers using a PowerShell script. The script uses the Active Directory module, so you need to run it on the AD server (domain controller). If you are running the script from your local client computer, make sure to install RSAT tools first.
Hope this tutorial helps you solve your local accounts-related problems.