This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(76.8, 84%, 17%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETN%3C/text%3E%3C/svg%3E)
Hi,
I have a problem with administrator local account.
Now, I can get it from computers in domain. But it enabled and disabled account.
Is there any way to only get administrator local account is still enable.
Thank for your advice.
Hi @Trần Ngọc Nam ,
you can use the cmdlet Get-LocalUser to get the details of a local user: Get-LocalUser
# Result is $true or $false depending if the account is enabled or disabled
(Get-LocalUser -Name "Administrator").Enabled
If (((Get-LocalUser -Name "Administrator").Enabled) -eq $true){
Write-Output "Account enabled"
} else {Write-Output "Account disabled"}
(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)
Regards Andreas Baumgarten
Thank you for your advice,
But when I run it, it reponse:
How can I do to fix it?
Hi @Trần Ngọc Nam ,
did the script work for you? Are there any additional questions to this topic? If you found the answer helpful, it would be great if you please mark it "Accept as answer". This will help others to find answers in Q&A
Regards Andreas Baumgarten
Hi @Trần Ngọc Nam ,
the cmdlet Get-LocalUser is part of the module Microsoft.PowerShell.LocalAccounts . In Windows 10, Windows Server 2016 and above this module is available with the Windows Management Framework by default. For Windows OS before you need to download and install the Windows Management Framework manually: Windows Management Framework 5.1
(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)
Regards
Andreas Baumgarten
Thank you for your advice.
Yeah, thank you.
I fixed and it word. But it have problem
Can I fix it with psexec.exe ?
My command such as :
$domain = "my-domain"
$computers = Get-ADComputer -Filter * -Server $domain | Select-Object -ExpandProperty Name
foreach ($computer in $computers) {
Write-Output "$computer`: "
Invoke-Command -ComputerName $computer -ScriptBlock { If (((Get-LocalUser -Name "Administrator").Enabled) -eq $true){ Write-Output "Admin Local Account enabled" } else { Write-Host "Admin Local Account disabled" } }
}
Hi @Trần Ngọc Nam ,
there are different issues based on the error messages:
DC-ADTest-03:
Based on the error message you should verify:
Network connection to the machine is working properly (name resolution, machine is reachable via network). WinRM is setup properly on the machine. Firewall on the machine is configured properly to allow WinRM.
DC-ADTest-01:
Based on the error message you should verify:
Use a internet search of your choice and search for winrm kerberos error 0x80090322 . There are multiple reasons/solutions for this error message.
(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)
Regards
Andreas Baumgarten
Can you give some advice to fix ít?
Thank you
Hi @Trần Ngọc Nam ,
please take a look at the error message in "red" of each computer. There you will find some advices to fix the issues.
(If the reply was helpful please don't forget to upvote and/or accept as answer, thank you)
Regards
Andreas Baumgarten