Get-LocalGroupMember not displaying actual AD username that is listed in Windows UI

So I noticed on a server that we have some scripting/coding going on that our IT dept has done something weird with AD user accounts that are part of a Windows local user group… For example, let’s say you have 2 domains, ABC and XYZ…

So in computer manager in Windows, in local users and groups, I have a group called testgroup1… In that group I have the following users listed via the group GUI. Sorry, I don’t have a screenshot and I’m not listing the actual real domain names :wink:

[from windows UI properties of the group testgroup1]
ABC\user1
ABC\user1 (XYZ\user1)
ABC\user2
ABC\user2 (XYZ\user2)
ABC\user3

Now ABC is a newer domain and XYZ is an older domain that might likely be decommed or something in the future by my IT dept…

My issue is I’m using the pshell cmd Get-LocalGroupMember to display the output of what users are in that local user group:

PS C:\WINDOWS\system32> Get-LocalGroupMember -Group "testgroup1"

ObjectClass Name      PrincipalSource
----------- ----      ---------------
User        ABC\user1 ActiveDirectory
User        ABC\user1 ActiveDirectory
User        ABC\user2 ActiveDirectory
User        ABC\user2 ActiveDirectory
User        ABC\user3 ActiveDirectory

So that’s my issue: via our scripting/coding I have no way to tell which was the one that was added originally as XYZ domain :(… Now I can tell you that user1 was added to the groups as:

ABC\user1
XYZ\user1

And after some days pass, not sure how long, IT is going behind the scenes and converting the XYZ\user1 into “ABC\user1 (XYZ\user1)”; then my issue I’m posting about becomes, well, an issue :slight_smile: at that point.

So I tried adding a -Verbose to the Get-LocalGroupMember; that didn’t work. Has anyone seen anything like this or have some other solution? I’m coming up short-handed searching on Google. I need to be able to pull that extra info for XYZ domain so I know which user is which.

Have you tried to return more than just these three properties? AFAIK it’s impossible to add the same account more than once to a group. So there has to be a difference.

I tried

Get-LocalGroupMember -Group "testgroup1" | Format-List -Property *

and got this output… Sorry that I don’t know what is going on behind the scenes, as our IT is doing this between 2 different domains like I explained.

Name            : ABC\user1
SID             : S-1-5-21-854245398-1972579041-362288127-2938483
PrincipalSource : ActiveDirectory
ObjectClass     : User

Name            : ABC\user1
SID             : S-1-5-21-1802859667-647903414-1863928812-2398402
PrincipalSource : ActiveDirectory
ObjectClass     : User

Well … at least you have the object SIDs and you can search for them in AD to figure out why there are 2 different users seeming to have the same name. :wink:
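
Following up on the SID suggestion in the last reply, here is an added example (not part of the original posts) that splits each member's SID into its domain part and RID, so entries sharing one Name can be told apart in a script. The function name Get-MemberDomainSid is hypothetical; the sample input reuses the two SIDs shown in the thread, and ABC/XYZ are the thread's placeholder domain names.

```powershell
# Added example, not the poster's code. Get-MemberDomainSid is a hypothetical helper name.
function Get-MemberDomainSid {
    param([Parameter(ValueFromPipeline)] $Member)
    process {
        # Works for both a string SID and a SecurityIdentifier object
        $sid = [System.Security.Principal.SecurityIdentifier]::new($Member.SID.ToString())
        [pscustomobject]@{
            Name      = $Member.Name
            # Domain portion of the SID (everything before the final RID);
            # empty for SIDs that are not account SIDs
            DomainSid = "$($sid.AccountDomainSid)"
            Rid       = ($sid.Value -split '-')[-1]
            SID       = $sid.Value
        }
    }
}

# Sample input: the two entries from the Format-List output in the thread
$sample = @(
    [pscustomobject]@{ Name = 'ABC\user1'; SID = 'S-1-5-21-854245398-1972579041-362288127-2938483' }
    [pscustomobject]@{ Name = 'ABC\user1'; SID = 'S-1-5-21-1802859667-647903414-1863928812-2398402' }
)

# Show only names that occur more than once, with the domain SID behind each entry
$sample | Get-MemberDomainSid |
    Group-Object Name |
    Where-Object Count -gt 1 |
    ForEach-Object { $_.Group } |
    Sort-Object Name, DomainSid |
    Format-Table Name, DomainSid, Rid -AutoSize

# Against the real group on the server:
#   Get-LocalGroupMember -Group 'testgroup1' | Get-MemberDomainSid
#
# To map each DomainSid to a domain (needs the ActiveDirectory RSAT module;
# ABC and XYZ are the placeholder names used in the thread):
#   'ABC', 'XYZ' | ForEach-Object { Get-ADDomain -Identity $_ } |
#       Select-Object NetBIOSName, DomainSID
```

Entries that share a Name but differ in DomainSid carry SIDs issued by different domains; matching each DomainSid against the Get-ADDomain output shows which domain that is.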