Reporting Domain accounts on the local PC

Using the query below I can report all the local accounts on a PC.

Set cUsers = oWMIService.ExecQuery("Select * from Win32_UserAccount Where
LocalAccount = True")

Can I use WMI to report all the local accounts as well as all the domain
accounts and groups that are present on a PC?

Thanks,

Tom

Tom Ker wrote:

Quote:

> Using the query below I can report all the local accounts on a PC.
>
> Set cUsers = oWMIService.ExecQuery("Select * from Win32_UserAccount Where
> LocalAccount = True")
>
> Can I use WMI to report all the local accounts as well as all the domain
> accounts and groups that are present on a PC?

Hi,

There are no domain accounts or groups on the PC. However, domain users and
groups can be members of local groups. Also, when domain users logon can
leave a profile, so in a sense the PC "knows" about the domain user. Do you
want to know what domain users and groups are members of local groups?

--
Richard
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net

"Tom Ker" <thomasDOTkerA@Thighmark.com> wrote in message
news:%23Xn$yOhEGHA.2856@TK2MSFTNGP12.phx.gbl...

Quote:

> Using the query below I can report all the local accounts on a PC.
>
> Set cUsers = oWMIService.ExecQuery("Select * from Win32_UserAccount Where
> LocalAccount = True")
>
> Can I use WMI to report all the local accounts as well as all the domain
> accounts and groups that are present on a PC?
>
> Thanks,
>
> Tom

The local PC will only have local accounts and local groups, it will never have
any domain accounts or domain groups (unless you run the script from a domain
controller).

Explain what you are trying to accomplish. Are you trying to enumerate group
members?

If you're trying to enumerate domain accounts, change the "Local Account = True"
portion of your query to "Local Account = False".

Thanks for the quick reply. See my longer reply to Richard for some
details.

I tried "LocalAccount = False" and got the results you stated - not what I'm
after, though.

Thanks,

Tom

"Marty List" <usenet@optimumx.com> wrote in message
news:%23Gi%23NHjEGHA.344@TK2MSFTNGP11.phx.gbl...

Quote:

>
>
> The local PC will only have local accounts and local groups, it will never
> have any domain accounts or domain groups (unless you run the script from
> a domain controller).
>
> Explain what you are trying to accomplish. Are you trying to enumerate
> group members?
>
> If you're trying to enumerate domain accounts, change the "Local Account =
> True" portion of your query to "Local Account = False".
>
>
>

Thanks for the quick reply. Guess I should have thought more about what I
was writing.

Yes, I am looking for all local users that have been created and all domain
users that have been added to local groups and any domain groups that have
been added to local groups. In this instance I do not care who has logged
on in the past, so I don't care what profiles have been created in the Docs
& Settings folder.

Since that short WMI query is cleaner and seems to process the local users
faster than looping with the code below, I thought I'd give WMI a try.
(Basically, I'm trying to expand my horizons with some new techniques.) The
code below is what I'm using today to create a dictionary of all objects in
all groups and all users that were created but not associated with any
group.

------ snip ------
Set cUsers = GetObject("WinNT://" & sCompName & "")
cUsers.Filter = Array("User")
Set cGroups = GetObject("WinNT://" & sCompName & "")
cGroups.Filter = Array("Group")
Set oUserDict = CreateObject("Scripting.Dictionary")

'Build User dictionary
sName = "xxxx" : sStatus = "xxxx"
For Each oGroup in cGroups
For Each oUser in oGroup.Members
Call Get_User
If NOT oUserDict.Exists(sName) Then
oUserDict.Add sName, sStatus & "," & LCase(oGroup.Name)
Else
sGrpList = oUserDict.Item(sName)
oUserDict.Remove(sName)
oUserDict.Add sName, sGrpList & "," & LCase(oGroup.Name)
End If
Next
Next
For Each oUser in cUsers
Call Get_User
If NOT oUserDict.Exists(sName) Then oUserDict.Add sName, sStatus &
",no_group"
Next

'Get and report the user's name and status
Sub Get_User()
sUser = Right(oUser.AdsPath, Len(oUser.AdsPath) - 8) 'Remove the
"WinNT://"
aUser = Split(sUser, "/")
If UBound(aUser) = 2 Then 'UBound = 2 for Local Users
sName = UCase(sCompName) & "\" & oUser.Name
bUserDisabled = CBool(oUser.AccountDisabled)
If bUserDisabled Then
sStatus = " -- Found Disabled"
Else
sStatus = " -- Found Active"
End If
Else 'Process other users or groups
If InStr(LCase(sUser), "domainname") <> 0 Then
sName = "DOMAINNAME\" & oUser.Name
sStatus = " -- Domain ID/Group"
Else
sName = "NT AUTHORITY\" & oUser.Name
sStatus = " -- System Generated"
End If
bUserDisabled = FALSE
End If
End Sub

------ snip ------

Thanks,
Tom

"Richard Mueller" <rlmueller-NOSPAM@ameritech.NOSPAM.net> wrote in message
news:uzD7wliEGHA.3984@TK2MSFTNGP14.phx.gbl...

Quote:

> Tom Ker wrote:
>

Quote:

>
> Hi,
>
> There are no domain accounts or groups on the PC. However, domain users
> and groups can be members of local groups. Also, when domain users logon
> can leave a profile, so in a sense the PC "knows" about the domain user.
> Do you want to know what domain users and groups are members of local
> groups?
>
> --
> Richard
> Microsoft MVP Scripting and ADSI
> Hilltop Lab - http://www.rlmueller.net
>