Hey,
based on a short cleanup I try to find the Domain Admins group of the domain a computer is member of with powershell.
I am trying to not use the Active Directory module since I cannot be sure it is on every computer the script will run :(
So the only technique being available is ADSI or WMI (since WMI needed hours to find the group I preferred to use ADSI).
Now my problem is:
How can I find the 'Domain Admin'/'DomainAdmins'/'Admins of Domain' or how ever the group is named?
Solution I found is SID. It seems all DomainAdmins groups have SID of S-1-5-21-*-521.
So I thought very easy ADSI filter and all is done..but this filter seems not to work correctly with SID.
'(&(objectclass=group)(objectSID=S-1-5-21-*-512))'Any ideas what is wrong?
The full script I currently have is:
$domain = $(Get-WmiObject -ComputerName $env:COMPUTERNAME -Query "Select Domain from Win32_ComputerSystem").Domain
$objTrans = New-Object -comObject "NameTranslate"
$objNT = $objTrans.GetType()
$objNT.InvokeMember("Init", "InvokeMethod", $Null, $objTrans, (3, $Null))
$objNT.InvokeMember("Set", "InvokeMethod", $Null, $objTrans, (3, $($domain.Split(".")[0] + "\")))
$LDAPDomain = "LDAP://" + $($objNT.InvokeMember("Get", "InvokeMethod", $Null, $objTrans, 1))
$Searcher = New-Object DirectoryServices.DirectorySearcher
$Searcher.Filter = '(&(objectclass=group)(objectSID=S-1-5-21-*-512))'
$Searcher.SearchRoot = $LDAPDomain
$Searcher.FindAll()Thank you