February 1, 2017 at 5:21 pm

Hello,

I'm trying to write a script that will get admin users from all AD computers. Unfortunately it appears that Get-LocalGroupMember is bugged out in Server 2016/Windows 10, so I've been trying to use a workaround. Here is my code:

$computers = Get-ADComputer -filter * | Select Name

Invoke-Command -ScriptBlock {
    $global:admins = net localgroup administrators | Where-Object {$_ -and $_ -notmatch "command completed successfully"} | Select-Object -skip 4 | Out-String
    $global:table = New-Object PSObject -Property @{
        Computer = $env:COMPUTERNAME
        Admins = $global:admins
        }
} -ComputerName $computers

# Save it in XML

$table | Format-List | Export-Clixml $PSScriptRoot\admins.xml

If I remove the -ComputerName parameter it will run perfectly on the local machine but when trying to run it with the parameter I get the following error:

imgur link

We've tried moving it in front of the -scriptblock parameter with no luck, does anyone have any ideas?

Thanks!

*EDIT* That imgur link isn't really working for me so here is what the error says:

Invoke-Command: One or more computer names are not valid. If you are trying to pass a URI, use the -ConnectionUri parameter, or pass URI objects instead of strings.
At Get_localAdminXML.ps1:11 char:1

February 1, 2017 at 5:37 pm

Hi TH,

The problem here is that your $computers variable contains header information. When you call Get-Member on your $computers variable, it should still have its original type. You want an array of strings for the -ComputerName parameter, so when you populate that variable you want to either expand the property with

select -expandproperty name

or dot your property name

(Get-ADComputer -filter *).name

Both of these methods will remove the header information from your variable, which is the cause of your error.

February 1, 2017 at 6:15 pm

Hey Monte,

Thank you for taking the time to reply... unfortunately I'm still getting the same error.

Any other ideas? This has stumped everyone I know haha

February 1, 2017 at 8:12 pm

I would start by running line by line and making sure you're getting the desired output. Your computers variable should have a base type of array and an unrolled type of String when piped to Get-Member. Make sure that AD isn't returning any computer names with odd characters. I've seen instances where a leading underscore can cause PowerShell to reject a computer name. You're also going to run into a problem returning data from your Invoke-Command calls. As far as I know, scope doesn't cross into or out of a remote session unless you're using the $using: modifier, which only works into a remote session. You'll need to do a return or Write-Output on your $table variable (which shouldn't need a global scope modifier) in order to return the data correctly.

February 1, 2017 at 10:26 pm

Hey Monte, thank you again for the reply. The problem turned out to be that we have some Linux devices as well as other non-standard machines in the domain which were causing the problem. As we only really needed the info for Windows 10 machines the following worked:

Get-ADComputer -Filter 'OperatingSystem -like "Windows 10*"' -SearchBase "OU=XX,DC=XX,DC=XX,DC=XX"

Replace XX with appropriate values for your company.
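
The fixes discussed in this thread combined into one script, as an added example that is not code from any of the posters. It assumes the ActiveDirectory module is available and WinRM is enabled on the targets; the $results and $missing variable names are illustrative, and the XX values are the thread's placeholders.

```powershell
# Added example, not the original poster's final script.
Import-Module ActiveDirectory

# -ExpandProperty returns plain strings, which is what -ComputerName expects.
# The OperatingSystem filter keeps Linux and other non-Windows accounts out of the list.
# XX values are placeholders: substitute your own OU and domain components.
$computers = Get-ADComputer -Filter 'OperatingSystem -like "Windows 10*"' `
                            -SearchBase 'OU=XX,DC=XX,DC=XX,DC=XX' |
    Select-Object -ExpandProperty Name

# Anything written to the pipeline inside the script block comes back to the caller.
# Variables assigned in the remote session (even $global: ones) do not.
$results = Invoke-Command -ComputerName $computers -ErrorAction SilentlyContinue -ScriptBlock {
    # Drop blank lines and the trailing status line, then skip the header lines.
    $members = net localgroup administrators |
        Where-Object { $_ -and $_ -notmatch 'command completed successfully' } |
        Select-Object -Skip 4

    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Admins   = @($members)      # one string per member instead of one Out-String blob
    }
}

# Invoke-Command tags each returned object with PSComputerName, so hosts that
# never answered can be listed rather than silently missing from the audit.
$missing = $computers | Where-Object { $_ -notin $results.PSComputerName }
if ($missing) {
    Write-Warning ("No result from: " + ($missing -join ', '))
}

# Export the objects themselves. Piping through Format-List first would
# serialize formatting records instead of the Computer/Admins data.
$results |
    Select-Object Computer, Admins |
    Export-Clixml -Path (Join-Path $PSScriptRoot 'admins.xml')
```

Import-Clixml on the resulting file restores objects with Computer and Admins properties, so membership can be compared between runs to spot newly added local administrators.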