Function Extract-Rid([byte[]] $sid) {
  $sid_length = $sid.Count
  $sid[$sid_length - 4] + 256 * $sid[$sid_length - 3] + 65536 * $sid[$sid_length - 2] + 16777216 * [uint32]$sid[$sid_length - 1]
}

Function Is-SystemUserSid([byte[]] $sid) {
    if (($sid.Count -eq 28) -and ($sid[0] -eq 1) -and ($sid[1] -eq 5) -and ($sid[7] -eq 5) -and ($sid[8] -eq 21)) {
      $rid = Extract-Rid($sid)
      ($rid -lt 1000)
    } else {
      $FALSE
    }
}

Function Is-SystemGroupSid([byte[]] $sid) {
    ($sid.Count -eq 16) -and ($sid[0] -eq 1) -and ($sid[1] -eq 2) -and ($sid[7] -eq 5) -and ($sid[8] -eq 32)
}

$computer = [ADSI] "WinNT://."
$computer.Children.SchemaFilter.Clear()
$computer.Children.SchemaFilter.AddRange(@("user", "group"))
#$users = $computer.Children | Where-Object { Is-SystemUserSid($_.objectSid[0]) } | foreach {
$users_and_groups = $computer.Children | foreach {
    $sid = $_.objectSid[0];
    if (Is-SystemUserSid($sid)) {
      [PSCustomObject] @{
        "Type" = "User";
        "RID" = Extract-Rid($_.objectSid[0]);
        #"SID" = ((New-Object System.Security.Principal.SecurityIdentifier($_.objectSid[0], 0)).value.ToString());
        "Name" = $_.Name.Value;
        "Description" = $_.Description.Value
      }
    } elseif (Is-SystemGroupSid($sid)) {
      [PSCustomObject] @{
        "Type" = "Group";
        "RID" = Extract-Rid($_.objectSid[0]);
        #"SID" = ((New-Object System.Security.Principal.SecurityIdentifier($_.objectSid[0], 0)).value.ToString());
        "Name" = $_.Name.Value;
        "Description" = $_.Description.Value
      }
    }
  }
$users_and_groups | Format-Table -AutoSize
$users_and_groups | Export-Csv -Delimiter "`t" -Path "users_and_groups.txt" -Encoding UTF8