Removing object from Local Administrator group

Hello all,

I've been reading this Scripting Guy article on discovering users in your computer's local Administrators group, and I have chosen the method that uses the .NET framework class System.DirectoryServices.AccountManagement.IdentityType:

Add-Type -AssemblyName system.directoryservices.accountmanagement

$ContextType = [System.DirectoryServices.AccountManagement.ContextType]::Machine

$LocalMachineContext = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext -ArgumentList $ContextType, $env:COMPUTERNAME

$IdentityType = [System.DirectoryServices.AccountManagement.IdentityType]::SamAccountName

$LocalAdministratorsGroup = [System.DirectoryServices.AccountManagement.GroupPrincipal]::FindByIdentity($LocalMachineContext, $IdentityType, "Administrators")

$LocalAdministratorsGroup.Members

This works great for discovering Local users. My question is, using the above class, I can't seem to find a way to add/remove any of the users that I found from the Local group. Is there a way using the .NET framework class above to add/remove members of a Local group on your computer, or will I need to use another approach (like using the [ADSI] accelerator or something)?


July 21st, 2015 4:40pm

No.  Use ADSI WinNT provider.

Look in script center for many scripts that can do this.

July 21st, 2015 5:04pm

JRV,

OK, I think I will do that. I may have to combine the 2 methods, as the [ADSI] method cannot tell you what domain the user belongs to. I can use the above method to find the precise users I want to delete, and then run the users through the [ADSI] WinNT provider to remove them.

Thanks!

July 21st, 2015 5:14pm
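
The combined approach described in the last reply, as an added example that is not part of the original thread: members are enumerated with System.DirectoryServices.AccountManagement so each one resolves to a DOMAIN\name, and the removal goes through the ADSI WinNT provider. The function name Remove-UnapprovedLocalAdmin, the $Approved parameter and its sample values are hypothetical.

```powershell
# Added example. Remove-UnapprovedLocalAdmin and $Approved are hypothetical names.
Add-Type -AssemblyName System.DirectoryServices.AccountManagement

function Remove-UnapprovedLocalAdmin {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Accounts allowed to stay, written as DOMAIN\name (constructed sample values).
        [string[]]$Approved = @("$env:COMPUTERNAME\Administrator", 'CONTOSO\Domain Admins')
    )

    $ContextType = [System.DirectoryServices.AccountManagement.ContextType]::Machine
    $Context = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext -ArgumentList $ContextType, $env:COMPUTERNAME
    $IdentityType = [System.DirectoryServices.AccountManagement.IdentityType]::SamAccountName
    $Group = [System.DirectoryServices.AccountManagement.GroupPrincipal]::FindByIdentity($Context, $IdentityType, 'Administrators')

    # ADSI WinNT view of the same group, used only for the removal itself.
    $AdsiGroup = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"

    # Copy the member list first so removals do not disturb the enumeration.
    foreach ($Member in @($Group.Members)) {
        # Resolve the SID to DOMAIN\name so a local and a domain account
        # with the same SamAccountName are told apart.
        $Account = $Member.Sid.Translate([System.Security.Principal.NTAccount]).Value

        # Leave built-in Administrator accounts (RID 500) and approved entries alone.
        if ($Member.Sid.Value -match '-500$') { continue }
        if ($Approved -contains $Account) { continue }

        # The WinNT provider addresses a member as WinNT://DOMAIN/name.
        $Path = 'WinNT://' + $Account.Replace('\', '/')
        if ($PSCmdlet.ShouldProcess($Account, 'Remove from local Administrators')) {
            $AdsiGroup.Remove($Path)
        }
    }
}

# Dry run: lists what would be removed without changing the group.
Remove-UnapprovedLocalAdmin -WhatIf
```

Run it from an elevated session, and drop -WhatIf only after the dry-run output matches the accounts you expect to lose administrator rights.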
