net localgroup command not working

Hello

We've got a large AD split into regional OUs - I want to add a net localgroup command into the login scripts of our users to ensure that one of our groups is in the local administrators group.

Now.. for example, the domain is called domain.company.com - and the security group object is in AD under domain.company.com/London/Building2/Groups/LON-Building2 Administrators

I've tried a series of commands but seemingly to no avail - any ideas people?

Thanks a lot, 500pnts for this.
davels Asked:

abu_deep Commented:
The former global groups net localgroup should have a length less than 20 characters, so make yourself pretty sure that you never break the 20-character limit. Windows NT4 had a length restriction of 20 characters, and that still lingers on in some commands. For this to work using "net localgroup", use the NT4-compatible group name (you'll find it in ADUC in the properties of the group).

Also, Windows 2000 Server has the same issue with the 20 characters.

Taking into account that it works OK when you add a global group to a local group with "lusrmgr.msc", it is kind of a bug in net localgroup.

oBdA Commented:
For the "net localgroup" command, you have to use the pre-Windows 2000 group name; if this contains spaces, you need to enclose it in quotation marks.
net localgroup Administrators "YourDomainName\Your Domain Group" /add
should work. That is, if you use it in a GPO startup script for the machine. In a user logon script, this will only work if the user logging on already has local administrator privileges.

kmiller236 Commented:
You’ll notice that if you use a “net localgroup administrators /add DOMAIN\Group” that the command fails with a syntax error.  Some folks say that this is because of a limitation on the length of the group name, but I call shenanigans on that explanation.  At any rate, you’ll slam your head against your desk for a while, until you do the following:

1) Open up Notepad

2) Paste in the following lines, substituting [DOMAINNAME] and [DOMAINGROUPNAME] as necessary:


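' Bind to the local Administrators group through the WinNT provider
Set objLocalGroup = GetObject("WinNT://./Administrators")
' Bind to the domain group
Set objADGroup1 = GetObject("WinNT://DOMAINNAME/DOMAINGROUPNAME")
' Add the domain group to the local group
objLocalGroup.Add(objADGroup1.ADsPath)
' Release both object references
Set objLocalGroup = Nothing
Set objADGroup1 = Nothing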



3) Go to File > Save As, and save it on your Desktop as “script.vbs”

4) Go to Start and type in cmd, then right-click on cmd and choose “Run as Administrator”:

5) CD to your Desktop and then run the command: “cscript script.vbs” as in the example below, and once the script runs, do a “net localgroup administrators” to verify that the script added the requested group properly:
Question has a verified solution.
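
An added example (not posted by anyone in this thread) that combines the points raised above in PowerShell: it refuses to run unelevated, looks up the group's pre-Windows 2000 name rather than assuming it matches the display name, and adds the group through the WinNT provider only if it is not already a member. The parameter names `$Domain` and `$GroupCn` are assumptions made for this example, and the script assumes a domain-joined machine that can query the directory.

```powershell
# Added example, not from the thread. $Domain and $GroupCn are hypothetical parameter names.
param(
    [Parameter(Mandatory)] [string] $Domain,   # NetBIOS domain name (the DOMAINNAME placeholder)
    [Parameter(Mandatory)] [string] $GroupCn   # group name (CN) as shown in ADUC
)
$ErrorActionPreference = 'Stop'

# A non-elevated logon script cannot change local Administrators, so fail early and clearly.
$me = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $me.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Not elevated: run as a computer startup script or from an elevated prompt.'
}

# Escape LDAP filter metacharacters in the CN (\ * ( ) become \5c \2a \28 \29).
$escaped = [regex]::Replace($GroupCn, '[\\*()]', { param($m) '\{0:x2}' -f [int][char]$m.Value })

# Read the pre-Windows 2000 name (sAMAccountName) from the directory.
$hit = ([adsisearcher]"(&(objectCategory=group)(cn=$escaped))").FindOne()
if (-not $hit) { throw "Group '$GroupCn' not found in the directory." }
$sam = [string]$hit.Properties['samaccountname'][0]

# Resolve the local Administrators group by its well-known SID so localized names work.
$sid = New-Object Security.Principal.SecurityIdentifier 'S-1-5-32-544'
$localName = $sid.Translate([Security.Principal.NTAccount]).Value.Split('\')[-1]
$local = [ADSI]"WinNT://$env:COMPUTERNAME/$localName,group"

# Enumerate current members and add the domain group only when it is missing.
$target = "WinNT://$Domain/$sam"
$members = @($local.psbase.Invoke('Members')) | ForEach-Object {
    $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
}
if ($members -contains $target) {
    Write-Output "$Domain\$sam is already a member of $localName."
} else {
    $local.Add("$target,group")
    Write-Output "Added $Domain\$sam to $localName."
}
```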
