How to Get Local User Accounts from Domain Computers

Local user accounts on domain computers always pose security risk. But as a Domain Admin, before you disable or delete these accounts, you need to analyze the risk first. For that, you will need to get the list of all local user accounts from domain computers. Then, you can analyze the risk factor of each account.

Depending upon the requirement, some accounts may be useful while others may not. And you can then finalize a policy for useless accounts. So, in this tutorial, we are going to show you how you can fetch a list of all local user accounts from domain computers using PowerShell script.

WARNING: Working with the PowerShell scripts requires extra care. We suggest you take supervision from your Senior IT Administrator if you are not sure about the working of the PowerShell scripts.

How to Fetch Local User Accounts from Domain Computers using PowerShell Script

We have divided this tutorial in parts. So that you can understand the working of the script easily. In the first part, we will explain the functionality of the PowerShell script. And in later parts, we will show you how to make it work. So, let’s get started with preparing the script.

A) Getting the Script Ready

The PowerShell script we are going to use in this tutorial uses gwmi or Get-WmiObject commands to fetch local user account details from remote computers.

First part of the script starts with fetching all computer accounts in domain. And, we use $computers variable to store the names of all computer objects in domain.

$Computers = (Get-ADComputer -Filter * -Properties * | Where {$_.Enabled -eq $True -and $_.Description -notlike "Fail*"}).Name

Next, we are going to loop through all the computers one by one using ForEach loop to get all local user accounts from each domain computer. And, will store all local user accounts in $AllLocalAccounts variable. Here is code snippet.

$AllLocalAccounts = Get-WmiObject -Class Win32_UserAccount -Namespace "root\cimv2" -Filter "LocalAccount='$True'" -ComputerName $Computer

Now, we again loop through each local user account found on a computer to get it’s details. Then, store these details in variables which are finally added in the $Report variable.

Foreach($LocalAccount in $AllLocalAccounts) {
 $Properties = [ordered]@{
  'Computer'        = $Computer
  'ComputerStatus'  = "Online"
  'UserName'        = $LocalAccount.Name
  'Disabled'        = $LocalAccount.Disabled
  'LockedOut'       = $LocalAccount.LockOut
  'PwdChangeable'   = $LocalAccount.PasswordChangeable
  'PwdExpires'      = $LocalAccount.PasswordExpires
  'PwdRequired'     = $LocalAccount.PasswordRequired
  'Description'     = $LocalAccount.Description
 }
 $Report += New-Object -TypeName PSObject -Property $Properties
}

Finally the report is exported in CSV format. You can change the report saving location and name of the report by changing -path attribute.

$DateTime = (Get-Date).ToString('dd-MMM-yyyy_hh-mm-ss')
$Report | Export-Csv -Path .\LocalAcReport-$DateTime.Csv -NoTypeInformation

SEE ALSO: How to Reset Passwords of users from Multiple Domains using PowerShell Script?

B) PowerShell Script for Fetching Local User Accounts from Domain Computers

Hope you get the idea behind the script. So, here is full script that you can use to get the list of all local user accounts from domain computers. This script requires PowerShell version 2 or higher. So, you can run it on Windows Server 2008 R2, 2012, 2012 R2, 2016 and 2019.

#################################################################
# This Script gets computers in domain and fetches the list of  #
# local accounts on them. Then prepares the report in csv format#
# Author: HELLPC Tutorials (www.hellpc.net)                     #
# Created: 06-Jan-2021                                          #
# Modified: 06-Jan-2021                                         #
#################################################################
# Import required Modules
Import-Module ActiveDirectory

# Setting Error Action Preference to stop on error.
$ErrorActionPreference = 'SilentlyContinue'

# Create blank report variable
$Report = @()

# Get the list of all computers in domain
$Computers = (Get-ADComputer -Filter * -Properties * | Where {$_.Enabled -eq $True -and $_.Description -notlike "Fail*"}).Name
$CompCount = $Computers.Count
$i = 0

# Looping through all domain computers
Foreach($Computer in $Computers) {
 $i++
 Write-Progress -Activity "Getting local accounts" -Status "In progress…" -PercentComplete ($i/$CompCount*100)
 Write-Output "Getting local accounts from computer: $Computer"

 Try {
  # Get the list of all local accounts in selected computer   
  $AllLocalAccounts = Get-WmiObject -Class Win32_UserAccount -Namespace "root\cimv2" -Filter "LocalAccount='$True'" -ComputerName $Computer
  # Get the details of each local account
  Foreach($LocalAccount in $AllLocalAccounts) {
   $Properties = [ordered]@{
    'Computer'        = $Computer
    'ComputerStatus'  = "Online"
    'UserName'        = $LocalAccount.Name
    'Disabled'        = $LocalAccount.Disabled
    'LockedOut'       = $LocalAccount.LockOut
    'PwdChangeable'   = $LocalAccount.PasswordChangeable
    'PwdExpires'      = $LocalAccount.PasswordExpires
    'PwdRequired'     = $LocalAccount.PasswordRequired
    'Description'     = $LocalAccount.Description
   }
   $Report += New-Object -TypeName PSObject -Property $Properties
  }
 }
 Catch {
  $ErrorMsg = $Error.Exception.Message | Select -First 1
  $Properties = [ordered]@{
   'Computer'        = $Computer
   'ComputerStatus'  = "NotReachable"
   'UserName'        = ""
   'Disabled'        = ""
   'LockedOut'       = ""
   'PwdChangeable'   = ""
   'PwdExpires'      = ""
   'PwdRequired'     = ""
   'Description'     = $ErrorMsg
  }
  $Report += New-Object -TypeName PSObject -Property $Properties
 }
}

DISCLAIMER: This script is provided without any warranty on “AS IS” basis. Make sure to run the script in LAB environment before trying in the Production environment. We take no responsibility for any kind of damage caused by running the script.


C) Saving the PowerShell Script (.ps1) File

  • Copy and paste above script code to notepad.
Copy And Paste Script Into Notepad
Copy and Paste Script into Notepad
  • Save the script as .ps1 file. .ps1 is file extension for PowerShell script files. Make sure you select All Files (*.*) in “Save as type:” dropdown below the textbox for File name:. In this tutorial we have saved script as Get-LocalAccounts.ps1.
Save Script File As Ps1 File In A Folder On Desktop
Save the Script in a folder on Desktop
  • Now you have the script ready to run. You can run this script in PowerShell to fetch all local user accounts from domain computers.
Get local accounts from domain computers: Script Saved As Ps1 File On Computer
Get-LocalAccounts.ps1 script saved on Computer

D) Running the Script to Get Local User Accounts from Domain Computers

Now, as our script is ready, we can run it in PowerShell to get the desired results. This script uses Active Directory module. So, you need to run the script on a domain controller. However, you can also run this script from client computer but you need to install RSAT tools first. Please note that you need to have Domain Admin rights in order run this script.

  • First of all, go to the folder where script is saved. Then, click on File menu, hover over Open Windows PowerShell and select Open Windows PowerShell as administrator.
Open Powershell As Administrator In The Same Folder
Open PowerShell as Administrator in the same Folder
Click On Yes When Uac Prompt Appears
Click on Yes
  • You will see the PowerShell window open with “Administrator: Windows PowerShell” title.
Powershell Opened As Administrator
PowerShell Opened As Administrator
  • Enter the name of the script in PowerShell prompt. You can use TAB key to autocomplete the script name after typing few characters of it’s name. After entering the script name, press Enter to run the script.
Getting Local Accounts from domian computers: Progress Script Running
Running the script

E) Local User Account Report in CSV Format

After running, the script will fetch local user accounts. And the output CSV file will be saved in the same folder from where you are running the script.

Get local user accounts from domain computers: Script Output Saved As Csv File In The Same Folder
Script Output Saved As Csv File

You can now open this CSV file in MS Excel to see the details. In the report, you can see the details of all local user account. And if any of the computer was not reachable, you will see Error message in the description column.

Local Account Report
Local User Accounts Report

SEE ALSO: How to Create Bulk users in Active Directory using PowerShell Script?

Fetch Local User Accounts from Domain Computers using PowerShell Script

Above tutorial explained, how you can get local accounts report from domain computers using PowerShell script. The script uses, Active Directory module. So, you need to run this script on AD server (domain controller). And if you are running the script from your local client computer, make sure to install RSAT tools first.

Hope this tutorial helps you solve your local accounts related problems. Feel free to comment down below if you face any issue while running the script. You can also subscribe to our newsletter to get such tutorials directly into your inbox. You can find subscription box down below.

Editorial Staff

Hi there, we are the editorial staff at HELLPC. We are a team of funny and technical people. Feel free to get in touch with us via Contact-Us page.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button