I am trying to get the SIDs of users and groups by querying
get-wmiobject -query 'select groupcomponent,partcomponent from win32_groupuser`
output:
__GENUS : 2
__CLASS : Win32_GroupUser
__SUPERCLASS :
__DYNASTY :
__RELPATH : Win32_GroupUser.GroupComponent="\\\\COMPUTER\\root\\cimv2:Win32_Group.Domain=\"TESTDOMAIN\",Name=\
"Schema Admins\"",PartComponent="\\\\COMPUTER\\root\\cimv2:Win32_UserAccount.Domain=\"TESTDOMAIN\"
,Name=\"Administrator\""
__PROPERTY_COUNT : 2
__DERIVATION : {}
__SERVER :
__NAMESPACE :
__PATH :
GroupComponent : \\COMPUTER\root\cimv2:Win32_Group.Domain="TESTDOMAIN",Name="Schema Admins"
PartComponent : \\COMPUTER\root\cimv2:Win32_UserAccount.Domain="TESTDOMAIN",Name="Administrator"
groupcomponent is a win32_group (https://msdn.microsoft.com/en-us/library/windows/desktop/aa394153%28v=vs.85%29.aspx?f=255&MSPPError=-2147217396).
win32_group is contains an SID (https://msdn.microsoft.com/en-us/library/windows/desktop/aa394151%28v=vs.85%29.aspx#)
However the groupcomponent here is a string and not a win32_group as
get-wmiobject -query 'select groupcomponent.sid from win32_groupuser'
is an invalid query. How can I access groupcomponent's members as a win32_group?
Answer
The PartComponent Property contains the SID. Access it by iterating through all objects via WMI:
gwmi win32_groupuser | % { [wmi]$_.partcomponent }
or use
gwmi win32_groupuser | % { [wmi]$_.partcomponent | select SID }
to only receive the SID.
No comments:
Post a Comment