Solved

Add Domain group AND domain user to LOCAL Admin group

Posted on 2006-06-21
1
1,056 Views
Last Modified: 2012-06-27
First off, I am not very good at scripting at all but need some help with this task.

I have the following scenario:

1.) I image a new PC (not joined to domain at all yet)
2.) Boot it up for the first time
3.) I have a script that adds the PC to our domain, and it WORKS FINE (see below)

***********************************************
Const JOIN_DOMAIN = 1
Const ACCT_CREATE = 2
Const ACCT_DELETE = 4
Const WIN9X_UPGRADE = 16
Const DOMAIN_JOIN_IF_JOINED = 32
Const JOIN_UNSECURE = 64
Const MACHINE_PASSWORD_PASSED = 128
Const DEFERRED_SPN_SET = 256
Const INSTALL_INVOCATION = 262144
 
strDomain = "MYDOMAIN"
strPassword = "23409843"
strUser = "secretadmin"
 
Set objNetwork = CreateObject("WScript.Network")
strComputer = objNetwork.ComputerName
 
Set objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\" & _
    strComputer & "\root\cimv2:Win32_ComputerSystem.Name='" & _
        strComputer & "'")
 
ReturnValue = objComputer.JoinDomainOrWorkGroup(strDomain, _
    strPassword, strDomain & "\" & strUser, NULL, _
        JOIN_DOMAIN + ACCT_CREATE)

********************************************



4.) I now want to script the adding of the DOMAIN USER & DOMAIN GROUPS to the LOCAL ADMINISTRATOR group. The problem I am having is that the script below does not have rights to add the DOMAIN info to the LOCAL group.



*****************************************


On Error Resume Next

'get main objects/variables
Set ws = WScript.CreateObject ( "WScript.Shell" )
compname = ws.ExpandEnvironmentStrings ( "%COMPUTERNAME%" )
Set adGrp = GetObject ( "WinNT://" & compname & "/Administrators,group" )

'add domain groups to local admin group
adGrp.Add ( "WinNT://MYDOMAIN/_Help Desk,group" )
adGrp.Add ( "WinNT://MYDOMAIN/_Micro Support,group" )

'handle errors
If (Err.Number <> 0) Then
strError = "AddAdmins.vbs was unable to add the specified groups to the local Administrators group."
strError = strError & vbCrLf & vbCrLf
strError = strError & "Error #: " & Err.Number & vbCrLf
strError = strError & "Source: " & Err.Source & vbCrLf
strError = strError & "Description: " & Err.Description & vbCrLf
ws.LogEvent 1, strError
Else
ws.LogEvent 0, "The local Administrators group was successfully updated."
End If

****************************************

How do I modify the script above to use the proper credentials to properly add the accounts to the LOCAL administrators group AND also to add a DOMAIN USER to the group as well? An input box could work for asking for the users' domain logon...but I have no idea how to accomplish this.
0
Comment
Question by:ViperZ2000
1 Comment
 
LVL 16

Accepted Solution

by:
craylord earned 500 total points
ID: 16963243
Under what credentials is the script being run? For it to query the domain you need to use domain credentials.
This can also be applied using the net localgroup command.
0

Featured Post

Use Case: Protecting a Hybrid Cloud Infrastructure

Microsoft Azure is rapidly becoming the norm in dynamic IT environments. This document describes the challenges that organizations face when protecting data in a hybrid cloud IT environment and presents a use case to demonstrate how Acronis Backup protects all data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you build your web application in Visual Studio you'll get at least a few binaries, or .DLL, files in your bin folder. However, there is more compiling to be done. Normally this would happen when an ASP.NET resource within the web site is request…
cPanel is a Unix based web hosting control panel that provides a graphical interface and automation tools designed to simplify the process of hosting a web site. cPanel utilizes a 3 tier structure that provides functionality for administrators, rese…
Windows 10 is mostly good. However the one thing that annoys me is how many clicks you have to do to dial a VPN connection. You have to go to settings from the start menu, (2 clicks), Network and Internet (1 click), Click VPN (another click) then fi…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question