{"id":98,"date":"2014-06-20T15:17:02","date_gmt":"2014-06-20T19:17:02","guid":{"rendered":"http:\/\/blog.metcorp.org\/?p=98"},"modified":"2014-06-09T21:52:29","modified_gmt":"2014-06-10T01:52:29","slug":"powershell-identifying-cloned-computers-by-cmid-or-sid","status":"publish","type":"post","link":"https:\/\/adsecurity.org\/?p=98","title":{"rendered":"PowerShell: Identifying Cloned Computers by CMID or SID"},"content":{"rendered":"<p>Here\u2019s the PowerShell command for identifying the computer SID by finding local accounts:<br \/>\n<em>Get-WmiObject -class Win32_UserAccount<\/em><\/p>\n<p>This command shows the Information for the first account in the list which should be local:<br \/>\n<em>(Get-WmiObject -class Win32_UserAccount)[0]<\/em><\/p>\n<p>Here\u2019s a PowerShell command to run on each of the servers. If the result is the same, they have the same Client Machine ID (CMID):<br \/>\n<em>Get-WmiObject -class SoftwareLicensingService | Select-object ClientMachineID<\/em><\/p>\n<p>Here\u2019s a PowerShell command to run on each of the servers. If the result is the same, they have the same Client Machine ID (CMID):<br \/>\nImport-module activedirectory<br \/>\n$AllServers = Get-ADComputer \u2013filter {OperatingSystem \u2013like \u201c*Server*\u201d} \u2013property *<br \/>\nForEach ($AllServersItem in $AllServers )<br \/>\n{<br \/>\n$ServerName = $AllServersItem.Hostname<br \/>\n$ServerCMID = Get-WmiObject \u2013computer $ServerName\u00a0 -class SoftwareLicensingService | Select-object ClientMachineID<br \/>\nWrite-Output \u201c$ServerName has the CMID: $ServerCMID \u201c<br \/>\n}<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Here\u2019s the PowerShell command for identifying the computer SID by finding local accounts: Get-WmiObject -class Win32_UserAccount This command shows the Information for the first account in the list which should be local: (Get-WmiObject -class Win32_UserAccount)[0] Here\u2019s a PowerShell command to run on each of the servers. If the result is the same, they have the &hellip; <\/p>\n<p><a class=\"more-link btn\" href=\"https:\/\/adsecurity.org\/?p=98\">Continue reading<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[7],"tags":[29,31,575,30],"class_list":["post-98","post","type-post","status-publish","format-standard","hentry","category-powershell","tag-cmid","tag-findclonedcomputers","tag-powershell","tag-sid","item-wrap"],"_links":{"self":[{"href":"https:\/\/adsecurity.org\/index.php?rest_route=\/wp\/v2\/posts\/98","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/adsecurity.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/adsecurity.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/adsecurity.org\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/adsecurity.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=98"}],"version-history":[{"count":1,"href":"https:\/\/adsecurity.org\/index.php?rest_route=\/wp\/v2\/posts\/98\/revisions"}],"predecessor-version":[{"id":99,"href":"https:\/\/adsecurity.org\/index.php?rest_route=\/wp\/v2\/posts\/98\/revisions\/99"}],"wp:attachment":[{"href":"https:\/\/adsecurity.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=98"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/adsecurity.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=98"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/adsecurity.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=98"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}