Local User Admin Accounts On Member Servers which are Disabled in AD Within Domain Forrest


I'm a PowerShell newbie. 

I'd like to know if there is a Windows PowerShell script that will target all Member Servers (non Domain Controllers) within a domain as to user accounts found within Local Administrators security group which are disabled in Active Directory and pipe information to csv file?

Any support would be kindly appreciated?


PowerShell active directory module is already installed and working.

  • You do not use the ADDS cmdlets to look at local users and groups. You use the AD cmdlets to get your server list (as wells as all other AD stuff) and use other cmdlets to get local users.

    If you are on PoSHv5 and higher, it has cmdlets specifically for local users and groups.

    Power​Shell 5.1 
    This section contains the help topics for the Local Accounts cmdlets in Windows PowerShell.

    If you are on older versions, you use the ADSI/WinNT provider to get that info ...

    Adding Local Users to Local Groups
    Connect to the actual group
    Adding a user to a group is a bit different than creating a local user or a local group. When I add a user to a group, I need to connect to the group itself. I still need to open the Windows PowerShell console or ISE with Admin rights, but this time the connection is a bit more complicated. I still use the [ADSI] type accelerator, I still use WinNT as my provider, and I still specify the name of the computer. But I also must specify the name of the group and provide a hint that I am connecting to a group. Here is the command:
    $group = [ADSI]"WinNT://edlt/mygroup,group"

    .. and you can also look to the modules in the MS PowerShell Gallery.

    PowerShell Module to Manage Local Users and Groups 1.4
    This is version 1.4 of the module.  It's still early in it's development but should ease on some of the headaches of managing local users and groups.There is better version of this module compiled to Binary code

    Local User Management Module
    This Windows PowerShell module contains the following functions: New-LocalGroup New-LocalUser Remove-LocalGroup Remove-LocalUser Set-LocalGroup Set-LocalUser Set-LocalUserPassword Test-IsAdministrator