Get local account informations remotely with PowerShell


To get local account informations, you need to use the ADSI accelerator type, but, instead of targeting ActiveDirectory, you target “WinNT” (be careful about the case) :


“SC2012R2” is the computer name, and “Administrator” is the user name. If you look at the object type, you’ll notice that this is a “System.DirectoryServices.DirectoryEntry” just like an ActiveDirectory Object. So, you can treat it just like an AD object :

if($ -band 0x2){$AccountDisabled="Yes"} else {$AccountDisabled="No"} 
if($ -band 0x0010){$AccountLocked="Yes"} else {$AccountLocked="No"} 
if($ -band 0x800000){$PwdExpired="Yes"} else {$PwdExpired="No"} 
$Object = New-Object PSObject -Property @{ 
    'AccountName'        = "Administrator" 
    'ComputerName'       = "SC2012R2" 
    'LastLogin'          = $localadm.LastLogin.value 
    'Last Pwd Change'    = (Get-Date).AddHours(-($localadm.PasswordAge.value/86400)) 
    'Bad Password Count' = $localadm.BadPasswordAttempts.value 
    'AccountDisabled'    = $AccountDisabled 
    'AccountLocked'      = $AccountLocked 
    'PwdExpired'         = $PwdExpired 
Write-Output $Object


Leave a Reply