List Local administrators on a machine using Powershell, ADSI

I need to audit our local administrators group.  I wanted to convert my script to Powershell that I’ve used for years. I found the magic post here that shows the core syntax.  I wouldn’t have guessed the syntax in a dozen years. 

Here is the VBScript.

Set objGroup = GetObject(“WinNT://./Administrators,group”)

    For Each objUser In objGroup.Members
        WScript.Echo “Member found: ” & objUser.Name

set objGroup = Nothing

Here is the Powershell syntax.

function LogToFile ([string]$strFileName, [string]$strComputer)
 Add-Content $strFileName $strComputer

$strComputer = “.”
$computer = [ADSI](“WinNT://” + $strComputer + “,computer”)
$Group = $computer.psbase.children.find(“Administrators”)
$members= $Group.psbase.invoke(“Members”) | %{$_.GetType().InvokeMember(“Name”, ‘GetProperty’, $null, $_, $null)}

ForEach($user in $members)

Write-Host $user
$a = $strComputer + “!” + $user.ToString()
LogToFile “C:ss.txt” $a

Thanks to Ying Li!



5 thoughts on “List Local administrators on a machine using Powershell, ADSI”

  1. Thanks for saving my life with this 🙂

    where did you get the “psbase” from? I didn’t find this approach in any other site.

    Anyway, thanks again.


  2. Hi,

    how can I run this for multiple computers and save the oupt to a txt file or csv? I also like to repeat the machine name on every line. Thank you



  3. Oh goodie, a list of group names that we still have to go locate and enumerate. You’ve saved us about 10% of our work here.


  4. Is there a way to set a wildcard so that it parses every computer on the network and outputs all local admins?


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: