Get localgroupmember failed to compare two elements in the array

I have a script I'm using to auto add domain users into a specific group. It also incorporates a stop/restart of a 3rd party service that adds them into a secure user file. I'd like for this script to end the moment it finds that the user is already a part of the group, and NOT stop/start the service. This is what I have so far:

Invoke-Command -ComputerName ServerNameHere -ScriptBlock { Add-LocalGroupMember -Group "GroupNameHere" -Member "$env:USERDOMAIN\$env:USERNAME" }
# <-- add a line here that terminates the script once the user is found to already be a member, so the service below is not restarted
Stop-Service -Name "ServiceNameHere"
timeout /t 5 /nobreak
Start-Service -Name "ServiceNameHere"

When I run the script, I get the below message, which is normal, and then the script continues to run, thus restarting the service anyway.

Domain\User is already a member of group GroupName
    + CategoryInfo          : ResourceExists: (GroupName:String) [Add-LocalGroupMember], MemberExistsException
    + FullyQualifiedErrorId : MemberExists,Microsoft.PowerShell.Commands.AddLocalGroupMemberCommand
    + PSComputerName        : ServerName

Thanks for all your help in advance!

asked Sep 27, 2021 at 18:05


You could check the output of Invoke-Command before restarting the service:

$Result = Invoke-Command -ComputerName ServerNameHere -ScriptBlock {
  # Check whether user is already a member of group
  If ((Get-LocalGroupMember 'GroupNameHere').Name -notcontains "$env:USERDOMAIN\$env:USERNAME") {
    Add-LocalGroupMember -Group 'GroupNameHere' -Member "$env:USERDOMAIN\$env:USERNAME" 
    Write-Output $True
  }
  Else { Write-Output $False }
}

# If group membership changed, restart service:
If ($Result) {
  Stop-Service -Name "ServiceNameHere"
  timeout /t 5 /nobreak
  Start-Service -Name "ServiceNameHere"
}

answered Sep 27, 2021 at 18:36

Cpt.Whale

Thanks to @Cpt.Whale for helping me on this.

I was running into the PowerShell "Get-LocalGroupMember - Failed to compare two elements in the array." bug as described here when you have orphaned SIDs. I came across this post here that helped me figure out how to remove the orphaned SIDs. Below is the new fully working script.

Important Note: You need PowerShell 5.1 for this. Also, you have to enable remote signing: from PowerShell, first run a simple "Set-ExecutionPolicy RemoteSigned" (and you may as well run "winrm quickconfig" as well).

Working Script:

$strComputer = 'ServerNameHere'
$serviceName = 'ServiceNameHere'

# Remove orphaned SIDs from Windows local groups (the cause of the
# "Failed to compare two elements in the array" error from Get-LocalGroupMember)
$computer = [ADSI]("WinNT://" + $strComputer + ",computer")
$group = $computer.psbase.children.find("LocalGroupNameHere")
$group.Name
$Userlist = ([ADSI]"WinNT://$strComputer/LocalGroupNameHere").psbase.Invoke('Members') |
    ForEach-Object { ([ADSI]$_).InvokeGet('AdsPath') }
# For each member in that list, if the name is a SID, remove that SID from the group.
foreach ($user in $Userlist) {
    if ($user -like "WinNT://S-1-5-*") {
        # Remove the specific SID from the group, passed as a string (not an object).
        $group.remove($user)
    }
}

$Result = Invoke-Command -ComputerName $strComputer -ScriptBlock {
  # Check whether user is already a member of group
  If ((Get-LocalGroupMember 'LocalGroupNameHere').Name -notcontains "$env:USERDOMAIN\$env:USERNAME") {
    Add-LocalGroupMember -Group 'LocalGroupNameHere' -Member "$env:USERDOMAIN\$env:USERNAME" 
    Write-Output $True
  }
  Else { Write-Output $False }
}

# If group membership changed, restart service:
If ($Result) {
  (Get-Service -ComputerName $strComputer -Name $serviceName).Stop()
  timeout /t 5 /nobreak
  (Get-Service -ComputerName $strComputer -Name $serviceName).Start()
}

answered Oct 24, 2021 at 17:25
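An added example (not code from either answer above) that audits a local group through the same WinNT ADSI provider before anything is removed: it resolves each member's SID, reports the result, and only removes entries when -Remove is given, refusing to act if no domain or local member resolved at all (which usually means the domain controller is unreachable, not that every account was deleted). It assumes it runs on the target machine, for example inside Invoke-Command, so that local-account SIDs resolve; GroupName is a placeholder.

```powershell
function Get-LocalGroupMemberAudit {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory)] [string] $GroupName,
        [string] $ComputerName = $env:COMPUTERNAME,
        [switch] $Remove
    )
    $group   = [ADSI]"WinNT://$ComputerName/$GroupName,group"
    $entries = foreach ($member in $group.psbase.Invoke('Members')) {
        $adsi = [ADSI]$member
        $sid  = New-Object System.Security.Principal.SecurityIdentifier -ArgumentList @([byte[]]$adsi.InvokeGet('objectSid'), 0)
        # SID-to-name lookup runs on the machine executing this function; it throws
        # IdentityNotMappedException for a deleted account OR an unreachable authority.
        try   { $account = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $account = $null }
        [pscustomobject]@{
            AdsPath   = $adsi.InvokeGet('AdsPath')
            Sid       = $sid.Value
            Account   = $account
            Resolved  = [bool]$account
            # S-1-12-1-* is an Azure AD principal, S-1-5-21-* a domain or local account;
            # the self-answer's "WinNT://S-1-5-*" filter only ever touches the latter.
            Authority = if ($sid.Value -like 'S-1-12-1-*') { 'AzureAD' }
                        elseif ($sid.Value -like 'S-1-5-21-*') { 'Domain/Local' } else { 'WellKnown' }
        }
    }
    $entries   # always emit the report
    if (-not $Remove) { return }
    # If not a single domain/local member resolved, assume the DC is unreachable rather
    # than every account deleted, and refuse to empty the group.
    if (-not ($entries | Where-Object { $_.Resolved -and $_.Authority -eq 'Domain/Local' })) {
        Write-Warning "No domain/local member resolved on $ComputerName; skipping removal."
        return
    }
    $orphans = $entries | Where-Object { -not $_.Resolved -and $_.Authority -eq 'Domain/Local' }
    foreach ($o in $orphans) {
        if ($PSCmdlet.ShouldProcess("$($o.AdsPath) in $GroupName on $ComputerName", 'Remove unresolved member')) {
            $group.Remove($o.AdsPath)
        }
    }
}

# Report only by default; add -Remove -WhatIf to preview removals, then -Remove to act.
Get-LocalGroupMemberAudit -GroupName 'LocalGroupNameHere' |
    Format-Table Account, Sid, Resolved, Authority -AutoSize
```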

Tags: local-groups, security-groups, windows 10

Following commands run on a Windows 10 VM that's joined to AzureAD:

PS C:\Windows\system32> Get-LocalGroupMember -Group Administrators
Get-LocalGroupMember : Failed to compare two elements in the array.
At line:1 char:1

PS C:\Windows\system32> Get-LocalGroupMember -Group Users
Group NT AUTHORITY\Authenticated Users Unknown
Group NT AUTHORITY\INTERACTIVE Unknown

PS C:\Windows\system32> net localgroup administrators
Members
Administrator AzureAD\UserName

Any idea why the PowerShell Get-LocalGroupMember command is generating an error on the Administrators group whereas net localgroup works as does Get-LocalGroupMember for the Users group?