So, I WMI query a remote machine to get the members of its Administrators
group:
SELECT PartComponent FROM Win32_GroupUser WHERE GroupComponent = "Win32_Group.Domain='MACHINE_NAME',Name='Administrators'"
It returns the PartComponent
property as strings. Here's the list (names changed for security). Domain users joeblow
and janedoe
are indeed local admins in that machine.
\\MACHINE_NAME\root\cimv2:Win32_UserAccount.Domain="MACHINE_NAME",Name="localadmin"
\\MACHINE_NAME\root\cimv2:Win32_Group.Domain="OUR_DOMAIN",Name="Domain Admins"
\\MACHINE_NAME\root\cimv2:Win32_UserAccount.Domain="OUR_DOMAIN",Name="joeblow"
\\MACHINE_NAME\root\cimv2:Win32_UserAccount.Domain="OUR_DOMAIN",Name="janedoe"
I traverse the above results in a loop. Within it, I do the following:
ManagementObject isInThisUser = new ManagementObject(memberString);
I do that so I can extract the Domain and Name properties from each member object. In a perfect world, I would obtain the folowing list of strings as the end result:
\\MACHINE_NAME\localadmin
\\OUR_DOMAIN\Domain Admins
\\OUR_DOMAIN\joeblow
\\OUR_DOMAIN\janedoe
But here's what happens: the ManagementObject
objects created by using that constructor come up empty! Domain, Name, Caption, everything, all null
! Except for the first one (the local admin). For that one, the constructor works as advertised.
Why does that happen? Is it because the user making the query isn't a domain admin? (It is a local admin on the target machine, though. Actually, it's OUR_DOMAIN\janedoe
.)