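# Load the directory-services assemblies used below.
# Add-Type replaces the obsolete Assembly.LoadWithPartialName, which returns
# $null when the assembly is not found; Add-Type raises an error instead.
Add-Type -AssemblyName System.DirectoryServices
Add-Type -AssemblyName System.DirectoryServices.AccountManagement

<#
.SYNOPSIS
    Prints the name of every group in the local machine account store.
.DESCRIPTION
    Output is written with Write-Host, one line per group, for example:

        Administrators (Group)
        Distributed COM Users (Group)
#>
function GetGroup()
{
    $machine = [System.DirectoryServices.AccountManagement.ContextType]::Machine
    $context = New-Object System.DirectoryServices.AccountManagement.PrincipalContext($machine)
    try {
        # An empty GroupPrincipal acts as a query-by-example filter matching all groups.
        $filter = New-Object System.DirectoryServices.AccountManagement.GroupPrincipal($context)
        $searcher = New-Object System.DirectoryServices.AccountManagement.PrincipalSearcher($filter)
        try {
            foreach ($group in $searcher.FindAll()) {
                Write-Host ("" + $group.Name + " (Group)")
            }
        }
        finally {
            $searcher.Dispose()
        }
    }
    finally {
        # Released even when the enumeration above throws.
        $context.Dispose()
    }
}

<#
.SYNOPSIS
    Prints every user in the local machine account store with its group memberships.
.DESCRIPTION
    Output is written with Write-Host. The block below is repeated once per user:

        -------------------------
        Administrator (User)
         HomeUsers (Group)
         Administrators (Group)
#>
function GetUsers()
{
    $machine = [System.DirectoryServices.AccountManagement.ContextType]::Machine
    $context = New-Object System.DirectoryServices.AccountManagement.PrincipalContext($machine)
    try {
        # An empty UserPrincipal acts as a query-by-example filter matching all users.
        $filter = New-Object System.DirectoryServices.AccountManagement.UserPrincipal($context)
        $searcher = New-Object System.DirectoryServices.AccountManagement.PrincipalSearcher($filter)
        try {
            foreach ($user in $searcher.FindAll()) {
                Write-Host "-------------------------"
                Write-Host ("" + $user.Name + " (User)")

                foreach ($group in $user.GetGroups()) {
                    Write-Host (" " + $group.Name + " (Group)")
                }
            }
        }
        finally {
            $searcher.Dispose()
        }
    }
    finally {
        $context.Dispose()
    }
}

# NOTE(review): the original called `GetGropups`, which is not defined anywhere
# in this script and fails with "command not found". GetGroup is the closest
# defined function - confirm that it is the intended call.
GetGroup

<#
.SYNOPSIS
    Toggles the local account "test1": deletes it if it exists, otherwise creates it.
.DESCRIPTION
    The original condition was inverted: it referenced Delete on a $null principal
    (and never invoked it, because the parentheses were missing), and it created
    the account only when one already existed.
.NOTES
    NOTE(review): the account is created enabled, with a password equal to its
    name and PasswordNeverExpires set. That is a guessable, long-lived credential;
    use this only on a disposable test machine and remove the account afterwards,
    or change the code to take the password from the operator at run time.
    Creating and deleting local accounts presumably requires an elevated session,
    and Windows logs these actions as Security events 4720 (created) and
    4726 (deleted) when account-management auditing is enabled.
#>
function test()
{
    $machine = [System.DirectoryServices.AccountManagement.ContextType]::Machine
    $context = New-Object System.DirectoryServices.AccountManagement.PrincipalContext($machine)
    try {
        $principal = [System.DirectoryServices.AccountManagement.UserPrincipal]::FindByIdentity(
            $context,
            [System.DirectoryServices.AccountManagement.IdentityType]::Name,
            "test1")

        if ($null -ne $principal) {
            # Account exists: remove it. The parentheses are required to invoke the method.
            $principal.Delete()
        }
        else {
            $principal = New-Object System.DirectoryServices.AccountManagement.UserPrincipal($context)
            $principal.Name = "test1"
            $principal.SamAccountName = "test1"
            $principal.Enabled = $true
            # Hard-coded weak password kept from the original; see .NOTES above.
            $principal.SetPassword("test1")
            $principal.PasswordNeverExpires = $true
            # Call sequence around Save() is kept exactly as in the original.
            $principal.UnlockAccount()
            $principal.Save()
            $principal.UnlockAccount()
        }
    }
    finally {
        # The original wrote `$context.Dispose` without parentheses, which only
        # references the method and never releases the context.
        $context.Dispose()
    }
}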