Occasionally, PowerShell scripts need to access or use the built-in Administrator account or the built-in Administrators group. Unfortunately, their names are localized, so their names can change based on the language of your Windows operating system.
SIDs (security identifiers)
They do use constant (well-known) SIDs (security identifiers), though. By using the SID, you can get the name. For the local Administrator group, this is trivial because here the SID is always known: S-1-5-32-544. With a one-liner, the SID can be translated.
This is the result taken from a German system:
PS> ([Security.Principal.SecurityIdentifier]'S-1-5-32-544').Translate([System.Security.Principal.NTAccount]).Value VORDEFINIERT\Administratoren
With accounts like the built-in Administrator, it’s not as simple as that. Here, only the RID (relative identifier) is known: -500.
WMI query
With a simple WMI query, you get the account that matches your filter:
PS> Get-CimInstance -ClassName Win32_UserAccount -Filter "LocalAccount = TRUE and SID like 'S-1-5-%-500'" Name Caption AccountType SID Domain ---- ------- ----------- --- ------ Administrator DELL7390\Administrator 512 S-1-5-21-2770831484-2260150476-2133527644-500 DELL7390