  • Hello.

    I have VBS script that fetches members of local administrator group. 

    It works fine on all versions since 2008 or higher, but on windows server 2003 it doesn't get one domain group, that does exist in local administrators group.

    I see that group in GUI, but it doesnt exist in namespace Win32_GroupUser. Why?

    Sub GetAdministrators(strComputerName)
        Dim objWMIService, strQuery, colItems, Path, strMembers
        groupname = ""
        domain = "."
        sid ="S-1-5-32-544"
        Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\.\root\cimv2")
        qry = "SELECT * FROM Win32_Group WHERE Domain = ""."" and SID=""S-1-5-32-544"""
        For Each group In objWMIService.ExecQuery(qry)
        groupname = group.Name
        strQuery = "select * from Win32_GroupUser where GroupComponent = " & chr(34) & "Win32_Group.Domain='" & strComputerName & "',Name='" & groupname & "'" & Chr(34)
        Set ColItems = objWMIService.ExecQuery(strQuery)
        strMembers = ""
        For Each Path In ColItems
            Dim strMemberName, NamesArray, strDomainName, DomainNameArray
            NamesArray = Split(Path.PartComponent,",")
            strMemberName = Replace(Replace(NamesArray(1),Chr(34),""),"Name=","")
            DomainNameArray = Split(NamesArray(0),"=")
            strDomainName = Replace(DomainNameArray(1),Chr(34),"")
            If strDomainName <> strComputerName Then
                strMemberName = strDomainName & "\" & strMemberName
            End If
            WScript.Echo strMemberName
    End Sub
    Function GetComputerName()
        Set objWMISvc = GetObject( "winmgmts:\\.\root\cimv2" )
        Set colItems = objWMISvc.ExecQuery( "Select * from Win32_ComputerSystem", , 48 )
        For Each objItem in colItems
            strComputerName = objItem.Name
            GetComputerName = strComputerName
    End Function
    GetAdministrators GetComputerName()
    Sunday, September 17, 2017 3:38 PM

  • What group is missing? 


    Sunday, September 17, 2017 3:44 PM
  • All of that VBS code can be reduced to one line with PowerShell.

    Get-WmiObject win32_group -filter 'Name="Administrators"' | 
    	ForEach-Object{ $_.GetRelated('WIn32_Account') } | 
    	Select-Object caption


    Sunday, September 17, 2017 3:56 PM
  • Of course I know about powershell but i don't want to use it because of some WinServer 2k3 machines.

    One domain group is missing in namespace, but it exists in GUI. Other domain groups are visible everywhere.

    This behaviour seems very strange. I can't be sure that on other machines with WinServer 2k3 this script will give actual output.

    Sunday, September 17, 2017 4:37 PM
  • PowerShell works just fine on W2K3 systems. Just run it remotely from your workstation.

    Get-WmiObjectwin32_group -filter 'Name="Administrators"'-Computer myW2K3PC


    Sunday, September 17, 2017 4:41 PM
  • One domain group is missing in namespace, but it exists in GUI. Other domain groups are visible everywhere..

    You still haven't told us which domain group is missing?


    Sunday, September 17, 2017 4:42 PM
  • Should I tell the name of the group? Or you mean another parameter?

    Powershell is not enabled on W2k3 by default.

    Sunday, September 17, 2017 7:03 PM
  • WMI does not require PowerShell.  Just run from any machine that has PowerShell installed.

    WS2003 and WS2008 are no longer supported systems.  WS2003 has been out-of-support for years.  It should not be used for security reasons as no more patches are being distributed for out-of-support systems.


    Sunday, September 17, 2017 8:27 PM