Import Local Group from remote server via PowerShell

0

I am working on the easiest way to copy security settings from one server to another, using PowerShell, and I'm curious if it's possible to import an entire group, including its Description and Members properties?

Below is the script I currently have. It appears that I can access the local Group on the remote server using the ADSI adapter, however the Create command bombs with the following error message

Exception calling "Create" with "2" argument(s): "Type mismatch. (Exception from HRESULT: 0x80020005 (DISP_E_TYPEMISMATCH))"
At \prdhilfs02\install\Monet\ServerUpgrade\DEVHILWB119\Scripts\LocalUsersAndGroups.ps1:25 char:1
+ $objCreate = $cn.Create("Group", $objRemote)

$computerName = "DEVWB89"
$objRemote = [ADSI]("WinNT://$computerName/$groupName")

$cn = [ADSI]"WinNT://localhost"
$cn.Create("Group", $objRemote)

EDIT

So I can accomplish what I want by using the script below. I can use the Group Name and Description from the remote server as well as the group information. However, is there a way to use PowerShell to simply add the System.DirectoryServices.DirectoryEntry object, and all its properties, to the local machine? Also, another drawback is that I have to hard-code the domain for the Group's users.

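$cn = [ADSI]"WinNT://localhost"
$computerName = "DEVWB89"

# $groupArray holds the names of the groups to copy
foreach($groupName in $groupArray)
{
    $objRemote = [ADSI]("WinNT://$computerName/$groupName")

    # Create the local group under the remote group's name
    $objGroup = $cn.Create("Group", $($objRemote.Name))
    $objGroup.setinfo()

    # Copy the description from the remote group
    $objGroup.description = $($objRemote.Description)
    $objGroup.setinfo()

    # Reset for every group so members of earlier groups do not carry over
    $MemberNames = ""
    $Members = @($objRemote.psbase.Invoke("Members"))
    $Members | ForEach-Object {$MemberNames += $_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null) + ",";}

    # Drop the empty entry left by the trailing comma
    $tempArray = $MemberNames -split "," | Where-Object { $_ }

    foreach($member in $tempArray)
    {
        $objGroup.Add("WinNT://SYMETRA/$member, user")
    }
}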
powershell
asked on Stack Overflow Mar 2, 2015 by NealR • edited Mar 2, 2015 by NealR

1 Answer

0

This will list out all the members of the groups:

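# Start from an empty array so += appends each name instead of concatenating strings
$MemberNames = @()
$Members = @($objRemote.psbase.Invoke("Members"))
$Members | ForEach-Object {$MemberNames += $_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null);}
$MemberNames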

More helpful info:

PS C:\Users\YourUser\Desktop> $objAdmin = [ADSI]("WinNT://localhost/Administrator")
PS C:\Users\YourUser\Desktop> $objAdmin | gm


   TypeName: System.DirectoryServices.DirectoryEntry

Name                        MemberType Definition
----                        ---------- ----------
ConvertDNWithBinaryToString CodeMethod static string ConvertDNWithBinaryToString(psobject deInstance, psobject dnWithBinaryIns...
ConvertLargeIntegerToInt64  CodeMethod static long ConvertLargeIntegerToInt64(psobject deInstance, psobject largeIntegerInstance)
AutoUnlockInterval          Property   System.DirectoryServices.PropertyValueCollection AutoUnlockInterval {get;set;}
BadPasswordAttempts         Property   System.DirectoryServices.PropertyValueCollection BadPasswordAttempts {get;set;}
Description                 Property   System.DirectoryServices.PropertyValueCollection Description {get;set;}
FullName                    Property   System.DirectoryServices.PropertyValueCollection FullName {get;set;}
HomeDirDrive                Property   System.DirectoryServices.PropertyValueCollection HomeDirDrive {get;set;}
HomeDirectory               Property   System.DirectoryServices.PropertyValueCollection HomeDirectory {get;set;}
LastLogin                   Property   System.DirectoryServices.PropertyValueCollection LastLogin {get;set;}
LockoutObservationInterval  Property   System.DirectoryServices.PropertyValueCollection LockoutObservationInterval {get;set;}
LoginHours                  Property   System.DirectoryServices.PropertyValueCollection LoginHours {get;set;}
LoginScript                 Property   System.DirectoryServices.PropertyValueCollection LoginScript {get;set;}
MaxBadPasswordsAllowed      Property   System.DirectoryServices.PropertyValueCollection MaxBadPasswordsAllowed {get;set;}
MaxPasswordAge              Property   System.DirectoryServices.PropertyValueCollection MaxPasswordAge {get;set;}
MaxStorage                  Property   System.DirectoryServices.PropertyValueCollection MaxStorage {get;set;}
MinPasswordAge              Property   System.DirectoryServices.PropertyValueCollection MinPasswordAge {get;set;}
MinPasswordLength           Property   System.DirectoryServices.PropertyValueCollection MinPasswordLength {get;set;}
Name                        Property   System.DirectoryServices.PropertyValueCollection Name {get;set;}
objectSid                   Property   System.DirectoryServices.PropertyValueCollection objectSid {get;set;}
Parameters                  Property   System.DirectoryServices.PropertyValueCollection Parameters {get;set;}
PasswordAge                 Property   System.DirectoryServices.PropertyValueCollection PasswordAge {get;set;}
PasswordExpired             Property   System.DirectoryServices.PropertyValueCollection PasswordExpired {get;set;}
PasswordHistoryLength       Property   System.DirectoryServices.PropertyValueCollection PasswordHistoryLength {get;set;}
PrimaryGroupID              Property   System.DirectoryServices.PropertyValueCollection PrimaryGroupID {get;set;}
Profile                     Property   System.DirectoryServices.PropertyValueCollection Profile {get;set;}
UserFlags                   Property   System.DirectoryServices.PropertyValueCollection UserFlags {get;set;}


PS C:\Users\YourUser\Desktop> $Members[0].GetType().InvokeMember("FullName", "GetProperty", $null, $Members[0], $null)
Exception calling "InvokeMember" with "5" argument(s): "The specified domain either does not exist or could not be contacted.
"
At line:1 char:1
+ $Members[0].GetType().InvokeMember("FullName", "GetProperty", $null, $Members[0] ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : COMException

PS C:\Users\YourUser\Desktop> $Members[0].GetType().InvokeMember("PasswordAge", "GetProperty", $null, $Members[0], $null)
PS C:\Users\YourUser\Desktop> $Members[0].GetType().InvokeMember("UserFlags", "GetProperty", $null, $Members[0], $null)
answered on Stack Overflow Mar 2, 2015 by Nathan Rice • edited Mar 2, 2015 by Nathan Rice
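
Added example, not part of the question or the answer above: one way to copy a group without hard-coding the members' domain is to read each member's ADsPath instead of its Name, since the path already carries the domain or machine prefix. The function name Copy-RemoteLocalGroup and its parameters are hypothetical; -WhatIf lets you review which accounts would receive membership before anything changes.

```powershell
# Added example: copy one local group (name, description, members) from a
# remote computer to this machine through the WinNT ADSI provider.
function Copy-RemoteLocalGroup {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$ComputerName,
        [Parameter(Mandatory = $true)][string]$GroupName
    )

    $remote = [ADSI]"WinNT://$ComputerName/$GroupName,group"
    $local  = [ADSI]"WinNT://$env:COMPUTERNAME,computer"
    $group  = $null

    if ($PSCmdlet.ShouldProcess($GroupName, "Create local group")) {
        $group = $local.Create("Group", [string]$remote.Name.Value)
        $group.SetInfo()
        $group.Description = [string]$remote.Description.Value
        $group.SetInfo()
    }

    foreach ($member in @($remote.psbase.Invoke("Members"))) {
        # Members come back as COM objects, so properties are read via InvokeMember
        $path = $member.GetType().InvokeMember("ADsPath", "GetProperty", $null, $member, $null)

        # Accounts defined on the source server itself do not exist on this machine
        if ($path -like "WinNT://*/$ComputerName/*") {
            Write-Warning "Skipping account local to ${ComputerName}: $path"
            continue
        }
        # Unresolvable (orphaned) SIDs should not be carried over
        if ($path -like "WinNT://S-1-*") {
            Write-Warning "Skipping unresolved SID: $path"
            continue
        }

        if ($PSCmdlet.ShouldProcess($path, "Add to local group $GroupName")) {
            $group.Add($path)
        }
    }
}

# Review first, then apply (server and group name are placeholders):
# Copy-RemoteLocalGroup -ComputerName "DEVWB89" -GroupName "<group name>" -WhatIf
```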

User contributions licensed under CC BY-SA 3.0