Hi there… I am trying to get local users & admin group user IDs on remote servers. I got a script that's working (mentioned below); I don't take credit for it myself, as I got some assistance with it. While using that script, I got some errors, even when I target some of the new Server 2012 servers.
```powershell
$Output  = "C:\Temp\Users-GroupMember\UserInfo.rtf"
$Servers = Get-Content -Path "C:\Temp\Users-GroupMember\Servers.txt"

# Use a separate loop variable so the server list is not overwritten
foreach ($Server in $Servers) {
    # 1. To get Local Administrators group Members
    Write-Output "1. *****Administrators group Members for the Server mentioned above****" | Out-File $Output -Append
    $LocalGroup = "Administrators"
    $Group = [ADSI]"WinNT://$Server/$LocalGroup,group"
    $members = $Group.psbase.Invoke("Members")
    $members | ForEach-Object { $_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null) } | Out-File $Output -Append

    # 2. Local user information
    Write-Output "2. *****Local user information for the Server mentioned above*****" | Out-File $Output -Append
    $adsi = [ADSI]"WinNT://$Server"
    $adsi.Children | Where-Object { $_.SchemaClassName -eq 'user' } | ForEach-Object { $_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null) } | Out-File $Output -Append
}
```
The error I got was:
Exception calling “Invoke” with “2” argument(s): "The network path was not found
At C:\Temp\Users-GroupMember\Users-GroupMember.ps1:17 char:32
- FullyQualifiedErrorId : DotNetMethodException
- CategoryInfo : NotSpecified: ( , MethodInvocationException
- $members = $Group.psbase.Invoke <<<< ("Members")
While researching this error, I came across this blog about enabling CredSSP on Windows servers (even though that is for the vCO PowerShell plugin). In it he mentioned:
"By default, PowerShell remoting authenticates using a “Network Logon”. Network Logons work by proving to the remote server that you have possession of the user's credential without sending the credential to that server (see Kerberos and NTLM authentication). Because the remote server doesn’t have possession of your credential, when you try to make the second hop (from Server A to Server B) it fails because Server A doesn’t have a credential to authenticate to Server B with.
To get around this issue, PowerShell provides the CredSSP (Credential Security Support Provider) option. When using CredSSP, PowerShell will perform a “Network Clear-text Logon” instead of a “Network Logon”. Network Clear-text Logon works by sending the user’s clear-text password to the remote server. When using CredSSP, Server A will be sent the user’s clear-text password, and will therefore be able to authenticate to Server B. Double hop works!"
Can you please share your thoughts on whether we need to do the same on Server 2012 servers as well?
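
An added example, not part of the original post: the same enumeration with a reachability check and per-server error handling, so a host that fails with "The network path was not found" is recorded against its name instead of leaving an unlabelled gap in the report. It assumes the WinNT provider reaches the target over SMB on TCP 445; `Test-TcpPort`, `New-Row` and the CSV path are hypothetical names.

```powershell
# Added example. The input path is the one from the post; the CSV path is hypothetical.
$Servers = Get-Content -Path 'C:\Temp\Users-GroupMember\Servers.txt'
$OutCsv  = 'C:\Temp\Users-GroupMember\LocalAccountAudit.csv'   # hypothetical

function Test-TcpPort {
    # Returns $true if a TCP connection to the port succeeds within the timeout.
    param([string]$ComputerName, [int]$Port = 445, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch { return $false }   # name resolution failure or connection refused
    finally { $client.Close() }
}

function New-Row {
    # One report row; New-Object PSObject keeps this usable on PowerShell 2.0.
    param($Server, $Kind, $Name, $Status)
    New-Object PSObject -Property @{ Server = $Server; Kind = $Kind; Name = $Name; Status = $Status }
}

$rows = foreach ($Server in $Servers) {
    if (-not (Test-TcpPort -ComputerName $Server)) {
        New-Row $Server 'n/a' '' 'Unreachable on TCP 445'
        continue
    }
    try {
        # Members of the local Administrators group
        $group = [ADSI]"WinNT://$Server/Administrators,group"
        foreach ($m in $group.psbase.Invoke('Members')) {
            $name = $m.GetType().InvokeMember('Name', 'GetProperty', $null, $m, $null)
            New-Row $Server 'AdminMember' $name 'OK'
        }
        # Local user accounts
        $computer = [ADSI]"WinNT://$Server,computer"
        foreach ($u in ($computer.Children | Where-Object { $_.SchemaClassName -eq 'user' })) {
            New-Row $Server 'LocalUser' $u.psbase.Name 'OK'
        }
    } catch {
        # Keep the failure with the server name so it can be followed up
        New-Row $Server 'n/a' '' ('Query failed: ' + $_.Exception.Message)
    }
}

$rows | Select-Object Server, Kind, Name, Status | Export-Csv -Path $OutCsv -NoTypeInformation
```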