Comments (9)

  1. Anonymous says:

    I got a script to get the membership and I’m using as this:

    Get-LocalGroupMembership -Computername server1 -Group Administrators

    but I’m getting the following error:

    The term ‘Get-LocalGroupMembership’ is not recognized as the name of a cmdlet, function, script file, or operable progr
    am. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.

    Suggestion [3,General]: The command Get-LocalGroupMembership was not found, but does exist in the current location. Wind
    ows PowerShell doesn’t load commands from the current location by default. If you trust this command, instead type “.Get-LocalGroupMembership”. See “get-help about_Command_Precedence” for more details.

    Previously I ran the script as .Get-LocalGroupMembership.ps1 with the same result, could you please help me with this?

  2. Anonymous says:


    This blog is very useful and is very closely related to the topic on which iam working, my question is "i need a script/query based on wmi/wql that find out the time when the user was added to local administration group on this local computer"

    The script will be run locally on the machine

  3. Neil Fairall says:

    Thanks to Bill Prentice for confirming the issue I am seeing. Guess I will have to use a more complex method.

  4. David Wyatt says:

    Even if you have to fall back on Get-WmiObject, there's a slightly easier way to find the associated members.  Instead of writing an "ASSOCIATORS OF" query, you can do this:

    $group = Get-WmiObject Win32_Group -Filter 'Name="Administrators"'

    $group.GetRelated('Win32_UserAccount') | Select-Object -ExpandProperty Caption

  5. ss says:

    Hi..Iam poor at could we apply this script on list of servers…pls explain

  6. Bill Prentice says:

    The last method – using System.DirectoryServices.AccountManagement – will only work on machines which have no ‘orphaned’ SIDs, i.e. the SIDs can be resolved. If you have a normal network there will be orphaned SIDs from domain accounts or groups that have
    been deleted at some point. Those will cause the third method to fail.

    This is a design decision and has been true since at least July of 2009 (
    towards the bottom is MS support’s comments). Microsoft has yet to fix this 5 years on.

  7. RAbel says:

    $Administrators = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
    $members = $Administrators.Invoke("Members")
    $members = $members | %{([ADSI]$_).Name}

  8. DAB says:

    Nice one RAbel

Skip to main content