Get SID for each member of a local group

Question

On an Active Directory domain member running Windows 7 I have a local group. It has users and other groups as members:

How can I obtain the SID for each member of this local group? I'm aware of the Sysinternals utility PSGetSid but it doesn't seem to be able to enumerate group members.

You want the SID for just the users in the groups or the groups in the group as well? — Ryan Bolger, Jan 27 '17 at 23:37

score 4 · Accepted Answer · answered Jan 28 '17 at 00:40

Here's a Powershell function you should be able to use. I only tested it on Windows 10, but I don't think it's using anything that wasn't available in Windows 7.

Function Get-LocalGroupMembers  {

[Cmdletbinding()] 
Param( 
    [Parameter(Mandatory=$true)]
    [string]$GroupName
)

[adsi]$adsiGroup = "WinNT://$($env:COMPUTERNAME)/$GroupName,group"

$adsiGroup.Invoke('Members') | %{

    $username = $_.GetType().InvokeMember('Name','GetProperty',$null,$_,$null)
    $path = $_.GetType().InvokeMember('AdsPath','GetProperty',$null,$_,$null).Replace('WinNT://','')
    $class = $_.GetType().InvokeMember('Class','GetProperty',$null,$_,$null)
    $userObj = New-Object System.Security.Principal.NTAccount($username)
    $sid = $userObj.Translate([System.Security.Principal.SecurityIdentifier])

    [pscustomobject]@{
        Username = $username
        Type = $class
        SID = $sid
        Path = $path
    }

}

}

+1 You'll be happy to upgrade to WMF 5.1, it includes a [`Get-LocalGroupMember`](https://msdn.microsoft.com/en-us/powershell/reference/5.1/microsoft.powershell.localaccounts/get-localgroupmember) among other cmdlets. — jscott, Jan 28 '17 at 01:43

Get SID for each member of a local group

1 Answers1