So, I WMI query a remote machine to get the members of its Administrators group:
SELECT PartComponent FROM Win32_GroupUser WHERE GroupComponent = "Win32_Group.Domain='MACHINE_NAME',Name='Administrators'"
It returns the PartComponent property as strings. Here's the list (names changed for security). Domain users joeblow and janedoe are indeed local admins in that machine.
\\MACHINE_NAME\root\cimv2:Win32_UserAccount.Domain="MACHINE_NAME",Name="localadmin"
\\MACHINE_NAME\root\cimv2:Win32_Group.Domain="OUR_DOMAIN",Name="Domain Admins"
\\MACHINE_NAME\root\cimv2:Win32_UserAccount.Domain="OUR_DOMAIN",Name="joeblow"
\\MACHINE_NAME\root\cimv2:Win32_UserAccount.Domain="OUR_DOMAIN",Name="janedoe"
I traverse the above results in a loop. Within it, I do the following:
ManagementObject isInThisUser = new ManagementObject(memberString);
I do that so I can extract the Domain and Name properties from each member object. In a perfect world, I would obtain the folowing list of strings as the end result:
\\MACHINE_NAME\localadmin
\\OUR_DOMAIN\Domain Admins
\\OUR_DOMAIN\joeblow
\\OUR_DOMAIN\janedoe
But here's what happens: the ManagementObject objects created by using that constructor come up empty! Domain, Name, Caption, everything, all null! Except for the first one (the local admin). For that one, the constructor works as advertised.
Why does that happen? Is it because the user making the query isn't a domain admin? (It is a local admin on the target machine, though. Actually, it's OUR_DOMAIN\janedoe.)