ADSI Local Group Member SID

1. [CmdletBinding()]
2. param
3. (
4.     [Parameter(Mandatory=$false, Position = 0)]
5.     [string[]] $GroupsToExclude
6. )
7. Begin
8. {
9.     $groupNames = Get-CimInstance -ClassName Win32_Group -Filter "Domain='$env:COMPUTERNAME'" -Property Name | Select-Object -ExpandProperty Name
10.     [string[]] $groupNames = $groupNames | Where-Object { $_ -notin $GroupsToExclude }
11.  
12.     $de = [adsi]"WinNT://$env:COMPUTERNAME"
13. }
14. Process
15. {
16.     foreach ($groupName in $groupNames)
17.     {
18.         try
19.         {
20.             $adminGroup = $de.Children.Find($groupName, "Group")
21.  
22.             foreach ($mem in $adminGroup.psbase.Invoke("members"))
23.             {
24.                 $type = $mem.GetType()
25.                 $name = $type.InvokeMember("Name", "GetProperty", $null, $mem, $null)
26.  
27.                 [byte[]] $sidBytes = $type.InvokeMember("ObjectSid", "GetProperty", $null, $mem, $null)
28.                 $sid = New-Object System.Security.Principal.SecurityIdentifier($sidBytes, 0)
29.  
30.                 [pscustomobject]@{
31.                     Group = $groupName
32.                     Name = $name
33.                     Sid = $sid.Value
34.                 }
35.             }
36.         }
37.         finally
38.         {
39.             $adminGroup.Dispose()
40.         }
41.     }
42. }
43. End
44. {
45.     $de.Dispose()
46. }
47.