List of all users in Administrator Group

sanjay · March 24, 2017, 8:49am

Hi,

I am in need of of list of all users (local and domain) of Administrator group on Windows 7, Windows 2003/2008/2012 servers. I have went through number of posts but not matching my requirement. can someone please help me?

JasonWalker · March 24, 2017, 3:27pm

Here is what I’m using. This is a little more complex than it really needs to be, because it does several things for me:

It lists members of the local Administrators group, both Domain members and Local members.
It excludes the Local Administrator account (which we have uniquely named on each host), in order to reduce the entries that appear in the analysis result. This is the account with a SID ending with “-500”
For Local accounts, it replaces HOSTNAME\user with .\user - so the same local account name defined on multiple hosts can be filtered as one entry in the results tree view, instead of a different result for every hostname.
For Domain accounts, it removes the domain name from the result (so that if we use multiple domains with the same group name in both, it still appears as one result in the tree view). DOMAIN1\admingroup1 and DOMAIN2\admingroup1 get collapsed together into ‘admingroup1’
It uses (it as string) of sids… so that an account with an unresolvable name (such as a deleted Domain Account) still appears in the result as a SID string.

(if not exists (local group it) then "<missing group " & it & ">" else (if it as lowercase starts with hostname as lowercase & "\" then ".\" & following text of first "\" of it else if it contains "\" then following text of first "\" of it else it) of (it as string) of sids of members whose (following text of last "-" of component string of sid of it != "500") of local group it) of "Administrators"

sanjay · March 24, 2017, 3:46pm

Thanks Jason for the quick reply. This might be silly question but how I can fetch a report with these details? I run it as fixlet and it is showing me list as “”. I need to have the usernames in my report.

john2dj · March 24, 2017, 3:58pm

(concatenation “,” of (members of local group “administrators” as string as lowercase)

And then use relevance for the OS you want.

(((name of it = “Win2003”) OR (name of it = “Win2012”) OR (name of it = “Win2012R2”) OR (name of it = “Win2008R2”)) of operating system)

This will provide the user names that you are looking for.

sanjay · March 24, 2017, 4:19pm

Thanks John… this is what exactly I am looking for…

One more thing, can we add/remove unwanted group from the Administrator group?

john2dj · March 24, 2017, 5:19pm

Task relevance: (exists member whose (it as string as lowercase contains “\username”)of local group “administrators”)

Action: dos net localgroup administrators "username@domain.com" /delete

nicksberger · March 27, 2017, 12:17pm

I always find it more relaible to not specifiy the Administrator group by name, just incase you have non-English OS.

(if not exists (local group it) then "<missing group " & it & “>” else (if it as lowercase starts with hostname as lowercase & “” then “.” & following text of first “” of it else if it contains “” then following text of first “” of it else it) of (it as string) of sids of members whose (following text of last “-” of component string of sid of it != “500”) of local group it) of (names of local groups whose ((it = “S-1-5-32-544”) of component strings of sids of it) )

Systemguru · June 22, 2020, 7:10pm

When I try to apply any of these relevance, I get syntax errors? The concatenation “,” of (members of local group “administrators” as string as lowercase) works in Qna but not in fixlets