Get-LocalGroupMember generates error for Administrators group

4

Following commands run on a Windows 10 VM that's joined to AzureAD:

PS C:\Windows\system32> Get-LocalGroupMember -Group Administrators
Get-LocalGroupMember : Failed to compare two elements in the array. At line:1 char:1

PS C:\Windows\system32> Get-LocalGroupMember -Group Users
Group NT AUTHORITY\Authenticated Users Unknown
Group NT AUTHORITY\INTERACTIVE Unknown

PS C:\Windows\system32> net localgroup administrators
Members
Administrator AzureAD\UserName

Any idea why the PowerShell Get-LocalGroupMember command is generating an error on the Administrators group whereas net localgroup works as does Get-LocalGroupMember for the Users group?

munrobasher

Posted 2016-10-05T21:26:35.087

Reputation: 640

Hrm, no repro on my win10 computers. – Zoredache – 2016-10-05T22:07:46.220

It works fine on my dev PC, just not this trial Windows 10 VM. Hmm... – munrobasher – 2016-10-06T10:28:02.327

Answers

4

This has been referenced as an official bug:

https://github.com/PowerShell/PowerShell/issues/2996

Here is workaround:

http://jdhitsolutions.com/blog/scripting/2342/query-local-administrators-with-cim/

UPDATE:

I had some issues with CIM and WMI.

Here is another workaround which worked everywhere for me.

https://p0w3rsh3ll.wordpress.com/2016/06/14/any-documented-adsi-changes-in-powershell-5-0/

Luke

Posted 2016-10-05T21:26:35.087

Reputation: 305

Man, it's 8/23/2018 and this bug is still not fixed – Kolob Canyon – 2018-08-23T16:43:44.620

0

This will clean up the broken administrators. I think they were created during the update process:

(powershell script)

$administrators = @(
([ADSI]"WinNT://./Administrators").psbase.Invoke('Members') |
% { 
 $_.GetType().InvokeMember('AdsPath','GetProperty',$null,$($_),$null) 
}
) -match '^WinNT';

$administrators = $administrators -replace "WinNT://",""

$administrators

foreach ($administrator in $administrators)
{

if ($administrator -like "$env:COMPUTERNAME/*" -or $administrator -like "AzureAd/*")
{
    continue;
}

Remove-LocalGroupMember -group "administrators" -member $administrator
}

Monofuse

Posted 2016-10-05T21:26:35.087

Reputation: 101

Asked: 2016-10-05T21:26:35.087

Viewed: 4 194 times

Active: 2019-09-10T13:23:32.340