{"id":4463,"date":"2012-12-16T00:01:00","date_gmt":"2012-12-16T00:01:00","guid":{"rendered":"https:\/\/blogs.technet.microsoft.com\/heyscriptingguy\/2012\/12\/16\/weekend-scripter-use-powershell-and-wmi-associations-to-find-user-group-membership\/"},"modified":"2012-12-16T00:01:00","modified_gmt":"2012-12-16T00:01:00","slug":"weekend-scripter-use-powershell-and-wmi-associations-to-find-user-group-membership","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/scripting\/weekend-scripter-use-powershell-and-wmi-associations-to-find-user-group-membership\/","title":{"rendered":"Weekend Scripter: Use PowerShell and WMI Associations to Find User Group Membership"},"content":{"rendered":"

Summary:<\/strong> Microsoft Scripting Guy, Ed Wilson, talks about using Windows PowerShell and WMI associations to find user group membership.\nMicrosoft Scripting Guy, Ed Wilson, is here. Today is sort of a mellow day. I just finished reading a mystery story called Some Like it Hawk<\/a> <\/em>by Donna Andrews. Donna is really a nice person, and her book is downright funny. Anyway, when I finish reading a book, I am always a little mellow … it is like I want more, but also am not quite ready to go to my unread book pile, and grab another one—just yet. So instead, I grab my laptop and begin playing around with Windows PowerShell. In some ways, Windows PowerShell is sort of like a good mystery story—I basically know how it will turn out, but I am not always certain how complicated things will get. At least with Windows PowerShell, I always know “whodunit.”<\/p>\n

Using a WMI association class to find group memberships<\/h2>\n

Yesterday, I talked about using a WMI association class to find members of the local administrators group<\/a>. Today, I will reverse that process and find group memberships for a specific user.\nOne of the key things to remember about WMI association classes is that they work two ways—that is, they link (or associate) one WMI class with another WMI class. In this way, you can always use one member of that association to find the other members of the association.\nThe workflow, might be something like this … I am exploring members of the local administrators group on a specific computer. I can use the code from yesterday to do this. (In fact, the code will work on a local computer or remotely across the network assuming you have proper rights to do so). I discover a user in the local administrators group that I do not believe should be there. I decide to investigate and see what other groups the user may be a member of. So, using Windows PowerShell 2.0, I can do the following:<\/p>\n

Get-WmiObject win32_groupuser |<\/p>\n

Where-Object { $_.partcomponent -match ‘name=”ed”‘} |<\/p>\n

Foreach-Object {[wmi]$_.groupcomponent}<\/p>\n

(Keep in mind, the code can be shortened quite a bit by using aliases.)<\/p>\n

When I run the code, the following is shown in the Windows PowerShell console.<\/p>\n

16:28 C:> gwmi win32_groupuser |<\/p>\n

>> Where-Object { $_.partcomponent -match ‘name=”ed”‘} |<\/p>\n

>> Foreach-Object {[wmi]$_.groupcomponent}<\/p>\n

>> <\/p>\n

 <\/p>\n

Caption               Domain               Name                 SID<\/p>\n

——-               ——               —-                 —<\/p>\n

EDLTAdministrators   EDLT                 Administrators       S-1-5-32-544<\/p>\n

IAMMREDDomain Admins IAMMRED              Domain Admins        S-1-5-21-14579568…<\/p>\n

IAMMREDDomain Users  IAMMRED              Domain Users         S-1-5-21-14579568…\nIf I have access to Windows PowerShell 3.0, I can use the new CIM cmdlets to perform this query. I first need to use the Get-CImInstance<\/strong> cmdlet to retrieve a specific CIM Instance of the Win32_UserAccount<\/strong> WMI class. I use the –filter<\/strong> parameter to limit the returned object to a specific user. I pipe this CIM instance to the Get-CimAssociatedInstance<\/strong> cmdlet and then specify the association of the Win32_GroupUser<\/strong>. The command is shown here.<\/p>\n

Get-CimInstance -Filter “name = ‘ed'” -ClassName win32_useraccount |<\/p>\n

Get-CimAssociatedInstance -Association win32_groupuser\nThe command and its output is shown here.<\/p>\n

16:31 C:> Get-CimInstance -Filter “name = ‘ed'” -ClassName win32_useraccount |<\/p>\n

>> Get-CimAssociatedInstance -Association win32_groupuser<\/p>\n

>> <\/p>\n

SID                    Name             Caption                Domain<\/p>\n

—                    —-             ——-                ——<\/p>\n

S-1-5-32-544           Administrators   EDLTAdministrators    EDLT<\/p>\n

S-1-5-21-1457956834… Domain Admins    IAMMREDDomain Admins  IAMMRED<\/p>\n

S-1-5-21-1457956834… Domain Users     IAMMREDDomain Users   IAMMRED\nWell, that is about it for today. Join me tomorrow as I begin a new week on the Hey, Scripting Guy! Blog. It will be cool … I promise.\nI invite you to follow me on Twitter<\/a> and Facebook<\/a>. If you have any questions, send email to me at scripter@microsoft.com<\/a>, or post your questions on the Official Scripting Guys Forum<\/a>. See you tomorrow. Until then, peace.\nEd Wilson, Microsoft Scripting Guy<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"

Summary: Microsoft Scripting Guy, Ed Wilson, talks about using Windows PowerShell and WMI associations to find user group membership. Microsoft Scripting Guy, Ed Wilson, is here. Today is sort of a mellow day. I just finished reading a mystery story called Some Like it Hawk by Donna Andrews. Donna is really a nice person, and […]<\/p>\n","protected":false},"author":596,"featured_media":87096,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[362,3,4,61,45,6],"class_list":["post-4463","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-scripting","tag-powershell-3","tag-scripting-guy","tag-scripting-techniques","tag-weekend-scripter","tag-windows-powershell","tag-wmi"],"acf":[],"blog_post_summary":"

Summary: Microsoft Scripting Guy, Ed Wilson, talks about using Windows PowerShell and WMI associations to find user group membership. Microsoft Scripting Guy, Ed Wilson, is here. Today is sort of a mellow day. I just finished reading a mystery story called Some Like it Hawk by Donna Andrews. Donna is really a nice person, and […]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/4463","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/users\/596"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/comments?post=4463"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/4463\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media\/87096"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media?parent=4463"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/categories?post=4463"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/tags?post=4463"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}