Azure, Cloud, PowerShell, Server, Windows

Get-LocalAccountMemberships: Get Local Accounts and their Group Memberships

Okay, yeah there are plenty of scripts out which give you local accounts via WMI or ADSI and yes scripts exist also which give you all local groups but there is not one which gives you both (of course there are also some) but what if you’re looking to implement this as a CustomScriptExtension to your Azure VM? Especially if the Custom Script Extension Output is limited to only 4096 characters? Did you know that? This script was developed to minimize the output of local accounts and their group membershiaps and gives you a meaningful expression of user accounts sitting on your VM. Check this out:

A simple output of Get-LocalAccountMemberships looks like this

So, while exporting your output with the help of Export-Clixml and showing the output of your XML file again in the console output as a readable xml structure.

Once a script was being run on a VM the common output of the Custom Script Extensions looks like this:

You can grab this output of your CustomScriptExtension on your VM with the help of that:

The trick here is to get the output message from your CustomScriptExtension with $output.SubStatuses[0].Message, removing every “\n“, save it and import it as a readable xml structure.
Once digested and imported with Import-Clixml you get the same output as before.

So why are we doing it this way?
Consider that, you’re going to execute a Custom Script Extension on your VM without having remote access to it, yes you don’t have access to it BUT you know you can use the Azure VMAgent which is by default installed on every VM in Azure. With having a Custom Script Extension executed including any of your script, e.g. “Get-LocalAccountMemberships” you can grab details from your machine without accessing it at all.