Add Domain group AND domain user to LOCAL Admin group

First off, I am not very good at scripting at all but need some help with this task.

I have the following scenario:

1.) I image a new PC (not joined to domain at all yet)
2.) Boot it up for the first time
3.) I have a script that adds the PC to our domain, and it WORKS FINE (see below)

***********************************************
Const JOIN_DOMAIN = 1
Const ACCT_CREATE = 2
Const ACCT_DELETE = 4
Const WIN9X_UPGRADE = 16
Const DOMAIN_JOIN_IF_JOINED = 32
Const JOIN_UNSECURE = 64
Const MACHINE_PASSWORD_PASSED = 128
Const DEFERRED_SPN_SET = 256
Const INSTALL_INVOCATION = 262144
 
strDomain = "MYDOMAIN"
strPassword = "23409843"
strUser = "secretadmin"
 
Set objNetwork = CreateObject("WScript.Network")
strComputer = objNetwork.ComputerName
 
Set objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\" & _
    strComputer & "\root\cimv2:Win32_ComputerSystem.Name='" & _
        strComputer & "'")
 
ReturnValue = objComputer.JoinDomainOrWorkGroup(strDomain, _
    strPassword, strDomain & "\" & strUser, NULL, _
        JOIN_DOMAIN + ACCT_CREATE)

********************************************



4.) I now want to script the adding of the DOMAIN USER & DOMAIN GROUPS to the LOCAL ADMINISTRATOR group. The problem I am having is that the script below does not have rights to add the DOMAIN info to the LOCAL group.



*****************************************


On Error Resume Next

'get main objects/variables
Set ws = WScript.CreateObject ( "WScript.Shell" )
compname = ws.ExpandEnvironmentStrings ( "%COMPUTERNAME%" )
Set adGrp = GetObject ( "WinNT://" & compname & "/Administrators,group" )

'add domain groups to local admin group
adGrp.Add ( "WinNT://MYDOMAIN/_Help Desk,group" )
adGrp.Add ( "WinNT://MYDOMAIN/_Micro Support,group" )

'handle errors
If (Err.Number <> 0) Then
strError = "AddAdmins.vbs was unable to add the specified groups to the local Administrators group."
strError = strError & vbCrLf & vbCrLf
strError = strError & "Error #: " & Err.Number & vbCrLf
strError = strError & "Source: " & Err.Source & vbCrLf
strError = strError & "Description: " & Err.Description & vbCrLf
ws.LogEvent 1, strError
Else
ws.LogEvent 0, "The local Administrators group was successfully updated."
End If

****************************************

How do I modify the script above to use the proper credentials to properly add the accounts to the LOCAL administrators group AND also to add a DOMAIN USER to the group as well? An input box could work for asking for the users' domain logon...but I have no idea how to accomplish this.
ViperZ2000Asked:
Who is Participating?
 
craylordConnect With a Mentor Commented:
Under what credentials is the script being run? For it to query the domain you need to use domain credentials.
This can also be applied using the net localgroup command.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.