10

我使用以下代码来确定本地管理员组的成员:

$obj_group = [ADSI]"WinNT://localhost/Administrators,group"
$members=@($obj_group.Invoke("Members"))|foreach{$_.GetType().InvokeMember("Name","GetProperty",$null,$_,$null)}
Write-Output "Current local Administrators: $members"

此代码适用于 PowerShell 2.0 - 4.0。但是,在我的装有 PowerShell 5.0 的 Windows 10 机器上,它坏了。对于属于本地 Administrators 组的每个本地帐户,它会引发以下错误:

Error while invoking GetType. Could not find member.
At line:2 char:54
+ ... "))|foreach{$_.GetType().InvokeMember("Name","GetProperty",$null,$_,$ ...
+                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OperationStopped: (:) [], MissingMemberException
    + FullyQualifiedErrorId : System.MissingMemberException

对于属于 Administrators 的域帐户,不会生成错误。

令我困惑的是GetType()对象的成员(我手动追踪了命令),所以我不确定它为什么会出错。

我查看了 PowerShell 5.0 的变更日志,没有看到任何可以明显解释这种行为的内容。

为什么会这样?如果有更好的方法在 PowerShell 5.0 中打印本地组的成员?

4

4 回答 4

12

我自己遇到了这个问题并想出了一个解决方法(在 Windows 10 和 8.1 中测试)

$obj_group = [ADSI]"WinNT://localhost/Administrators,group"
$members= @($obj_group.psbase.Invoke("Members")) | foreach{([ADSI]$_).InvokeGet("Name")}
Write-Output "Current local Administrators: $members"
于 2015-08-20T14:40:09.610 回答
5

Jamie 的回答非常适合您的具体问题,但我需要从成员那里获得多个属性。我发现您可以在不更改代码的情况下通过在调用之前调用来解决InvokeGetType问题InvokeMember()请注意,GetType在下面的代码中不再有它:

$obj_group = [ADSI]"WinNT://localhost/Administrators,group"
$members=@($obj_group.Invoke("Members"))|foreach{$_.GetType.Invoke().InvokeMember("Name","GetProperty",$null,$_,$null)}
Write-Output "Current local Administrators: $members"

这是我的用例,它提供了有关组成员的更多信息。由于使用了 Resolve-DNS 命令,这确实需要 PowerShell 4.0:

function Get-LocalGroupMembers {
<#
.Synopsis
   Get the group membership of a local group on the local or a remote computer
.EXAMPLE
   Defaults to collecting the members of the local Administrators group

    PS C:\> Get-LocalGroupMembers | ft -AutoSize

    ComputerName ParentGroup Nesting Name          Domain       Class
    ------------ ----------- ------- ----          ------       -----
    EricsComputer                   0 Administrator EricsComp    User 
    EricsComputer                   0 eric          EricsComp    User 
    EricsComputer                   0 Domain Admins DomainName   Group
.EXAMPLE
   Query a remote computer (that is known not to respond to a ping) and a targeted group

    PS C:\> Get-LocalGroupMembers -computerName EricsComputer -localgroupName Users -pingToEstablishUpDown $false

    ComputerName ParentGroup Nesting Name          Domain       Class
    ------------ ----------- ------- ----          ------       -----
    EricsComputer                   0 SomeOtherGuy  EricsComp    User 

.NOTES
   The ParentGroup and Nesting attributes in the output are present to allow
   the output of this function to be combined with the output of 
   Get-ADNestedGroupMembers.  They serve no purpose otherwise.
#>
    Param(
        $computerName = $env:computername,
        $localgroupName = "Administrators",
        $pingToEstablishUpDown = $true
    )
    $requestedComputerName = $computerName
    if ($computername = Resolve-DnsName $computername) {
        $computername = ($computername | where querytype -eq A).Name
        if ($computername -ne $requestedComputerName) {
            Write-Warning "Using name $computerName for $requestedComputerName"
        }
    } else {
        Write-Warning "Unable to resolve $requestedComputerName in DNS"
        return "" | select @{label="ComputerName";Expression={$requestedComputerName}},
                                        @{label="ParentGroup";Expression={""}},
                                        @{label="Nesting";Expression={""}},
                                        @{Label="Name";Expression={"ComputerName did not resolve in DNS"}},
                                        @{Label="Domain";Expression={"ComputerName did not resolve in DNS"}},
                                        @{Label="Class";Expression={"ComputerName did not resolve in DNS"}}
    }
    if ($pingToEstablishUpDown) {
        if (-not (Test-Connection -count 1 $computerName)) {
            Write-Warning "Unable to ping $computerName, aborting ADSI connection attempt"
            return "" | select @{label="ComputerName";Expression={$requestedComputerName}},
                                        @{label="ParentGroup";Expression={""}},
                                        @{label="Nesting";Expression={""}},
                                        @{Label="Name";Expression={"Not available to query"}},
                                        @{Label="Domain";Expression={"Not available to query"}},
                                        @{Label="Class";Expression={"Not available to query"}}
        }
    }
    try {
        if([ADSI]::Exists("WinNT://$computerName/$localGroupName,group")) {    
            $group = [ADSI]("WinNT://$computerName/$localGroupName,group")  
            $members = @()  
            $Group.Members() | foreach {
                $AdsPath = $_.GetType.Invoke().InvokeMember("Adspath", 'GetProperty', $null, $_, $null)
                # Domain members will have an ADSPath like WinNT://DomainName/UserName.  
                # Local accounts will have a value like WinNT://DomainName/ComputerName/UserName.  
                $a = $AdsPath.split('/',[StringSplitOptions]::RemoveEmptyEntries)
                $name = $a[-1]  
                $domain = $a[-2]  
                $class = $_.GetType.Invoke().InvokeMember("Class", 'GetProperty', $null, $_, $null)  

                $members += "" | select @{label="ComputerName";Expression={$computerName}},
                                        @{label="ParentGroup";Expression={""}},
                                        @{label="Nesting";Expression={0}},
                                        @{Label="Name";Expression={$name}},
                                        @{Label="Domain";Expression={$domain}},
                                        @{Label="Class";Expression={$class}}
            }    
        }  
        else {  
            Write-Warning "Local group '$localGroupName' doesn't exist on computer '$computerName'"  
        }
    }
    catch { 
        Write-Warning "Unable to connect to computer $computerName with ADSI"
        return $false }
    return ,$members
}
于 2015-12-29T18:28:04.897 回答
3

好的!需要这个!

.net 方式也是一种绕过方式:

Add-Type -AssemblyName System.DirectoryServices.AccountManagement
$ctype = [System.DirectoryServices.AccountManagement.ContextType]::Machine
$computer =  $env:COMPUTERNAME
$context = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext -ArgumentList $ctype, $computer
$idtype = [System.DirectoryServices.AccountManagement.IdentityType]::SamAccountName
$group = [System.DirectoryServices.AccountManagement.GroupPrincipal]::FindByIdentity($context, $idtype, 'Administrators')
$group.Members |  select @{N='Server'; E={$computer}}, @{N='Domain'; E={$_.Context.Name}}, samaccountName
于 2016-01-28T14:49:35.373 回答
1

您可能想在此处发布错误,因为有人可能有可用的解决方法。

于 2015-08-12T01:30:05.690 回答