I’ve recently observed Get-LoggedOnUser showing IsLocalAdmin=false when executed from an elevated shell running as local admin.
This machine is domain joined, but the PSADT script was running as a local administrator. I verified via gpresult /r that the account was in BUILTIN\Administrators.
I’ll put some debug in the CS code to see what’s going on here, but while I do that, has anyone else seen this behaviour?
Well, I put in some debug writes and determined that the issue is being caused by NTAccount.Translate(…) throwing a System.Security.Principal.IdentityNotMappedException. As a result, any unresolvable SID will cause the IsLocalAdmin test not to complete and default to false.
The issue is that the ID provided could actually be a SID for a no-longer-accessible domain/computer, which therefore cannot be resolved.
I think the fix in this case is to check for this exception and ignore it.
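The failure mode described in the post above, as an added C# example that is not part of the original post and not PSADT's own code: each SID is translated inside its own try/catch, and membership is decided by comparing SIDs, so an orphaned entry cannot abort the check. The class and method names, and the orphaned SID in the sample list, are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Principal;

static class LocalAdminCheck
{
    // Resolve one SID to DOMAIN\name. An orphaned SID (deleted account,
    // unreachable domain) yields null instead of propagating the exception.
    static string TryResolve(SecurityIdentifier sid)
    {
        try { return sid.Translate(typeof(NTAccount)).Value; }
        catch (IdentityNotMappedException) { return null; }
    }

    // Decide membership on SIDs, not names, so the result never depends on
    // whether every entry in the group can be resolved.
    public static bool IsMember(SecurityIdentifier user,
                                IEnumerable<SecurityIdentifier> members,
                                List<string> unresolved)
    {
        bool found = false;
        foreach (SecurityIdentifier sid in members)
        {
            if (TryResolve(sid) == null) unresolved.Add(sid.Value); // record, keep going
            if (sid.Equals(user)) found = true;
        }
        return found;
    }

    static void Main()
    {
        SecurityIdentifier me = WindowsIdentity.GetCurrent().User;

        // Constructed member list: an orphaned domain SID placed ahead of the
        // current user, which is the ordering that made the original test fail.
        var members = new List<SecurityIdentifier>
        {
            new SecurityIdentifier("S-1-5-21-1111111111-2222222222-3333333333-1105"),
            me
        };

        var unresolved = new List<string>();
        bool isMember = IsMember(me, members, unresolved);

        Console.WriteLine("Member: {0}", isMember);
        Console.WriteLine("Unresolvable SIDs skipped: {0}", string.Join(", ", unresolved));
    }
}
```

Logging the skipped SIDs rather than silently discarding them keeps stale group entries visible for cleanup.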