Does anyone know why the system user on a domain-joined machine will return EVERY DOMAIN USER with this command (Windows 10)? I don't even know how long it takes to finish. This is from a profile cleanup script.
I know now it's much faster this way, but I don't think of the system user is being a member of a domain:
The win32_useraccount class is trying to enumerate account instances across the domain, not just the local system. Connect to your local machine in WMI Explorer and try to query all instances of the win32-useraccount class. You will get the same behavior. That is the reason your filtered command which targeted local accounts worked so quickly.
If you're only interested in local accounts, I would just use get-localuser.
The topic ‘Why does the system user list every domain user in wmi?’ is closed to new replies.