$localAdmins = net localgroup administrators | Where-Object {$_ -AND $_ -notmatch "command completed successfully"} | Select-Object -skip 4
$pwd = ""

foreach ($admin in $localAdmins) {
    if ($admin -match "^DOM1|^DOM2|^DOM3") {
        $domUser = $admin.split("`\")
        $domain = $domUser[0]
        $acc = $domUser[1]
    }
    else {
        $domain = $false
        $acc = $admin
    }
    if ($acc -like "GroupName*") {
        #break current iteration, not user but group
        continue
    }
    Add-Type -AssemblyName System.DirectoryServices.AccountManagement
    if($domain) {
        $DS = New-Object System.DirectoryServices.AccountManagement.PrincipalContext('domain',$domain)
    }
    else {
        $DS = New-Object System.DirectoryServices.AccountManagement.PrincipalContext('machine',$env:computername)
        try {
            $result = $DS.ValidateCredentials($acc, $pwd)
        }
        catch {
            $check = net user $acc
            if ($check -match "locked") {
                net user $acc /active:yes
            }
        }
    }
    $env:computername+";"+$acc+";"+$DS.ValidateCredentials($acc, $pwd)
}