Solved

Add Domain group AND domain user to LOCAL Admin group

Posted on 2006-06-21
1
1,054 Views
Last Modified: 2012-06-27
First off, I am not very good at scripting at all but need some help with this task.

I have the following scenario:

1.) I image a new PC (not joined to domain at all yet)
2.) Boot it up for the first time
3.) I have a script that adds the PC to our domain, and it WORKS FINE (see below)

***********************************************
Const JOIN_DOMAIN = 1
Const ACCT_CREATE = 2
Const ACCT_DELETE = 4
Const WIN9X_UPGRADE = 16
Const DOMAIN_JOIN_IF_JOINED = 32
Const JOIN_UNSECURE = 64
Const MACHINE_PASSWORD_PASSED = 128
Const DEFERRED_SPN_SET = 256
Const INSTALL_INVOCATION = 262144
 
strDomain = "MYDOMAIN"
strPassword = "23409843"
strUser = "secretadmin"
 
Set objNetwork = CreateObject("WScript.Network")
strComputer = objNetwork.ComputerName
 
Set objComputer = GetObject("winmgmts:{impersonationLevel=Impersonate}!\\" & _
    strComputer & "\root\cimv2:Win32_ComputerSystem.Name='" & _
        strComputer & "'")
 
ReturnValue = objComputer.JoinDomainOrWorkGroup(strDomain, _
    strPassword, strDomain & "\" & strUser, NULL, _
        JOIN_DOMAIN + ACCT_CREATE)

********************************************



4.) I now want to script the adding of the DOMAIN USER & DOMAIN GROUPS to the LOCAL ADMINISTRATOR group. The problem I am having is that the script below does not have rights to add the DOMAIN info to the LOCAL group.



*****************************************


On Error Resume Next

'get main objects/variables
Set ws = WScript.CreateObject ( "WScript.Shell" )
compname = ws.ExpandEnvironmentStrings ( "%COMPUTERNAME%" )
Set adGrp = GetObject ( "WinNT://" & compname & "/Administrators,group" )

'add domain groups to local admin group
adGrp.Add ( "WinNT://MYDOMAIN/_Help Desk,group" )
adGrp.Add ( "WinNT://MYDOMAIN/_Micro Support,group" )

'handle errors
If (Err.Number <> 0) Then
strError = "AddAdmins.vbs was unable to add the specified groups to the local Administrators group."
strError = strError & vbCrLf & vbCrLf
strError = strError & "Error #: " & Err.Number & vbCrLf
strError = strError & "Source: " & Err.Source & vbCrLf
strError = strError & "Description: " & Err.Description & vbCrLf
ws.LogEvent 1, strError
Else
ws.LogEvent 0, "The local Administrators group was successfully updated."
End If

****************************************

How do I modify the script above to use the proper credentials to properly add the accounts to the LOCAL administrators group AND also to add a DOMAIN USER to the group as well? An input box could work for asking for the users' domain logon...but I have no idea how to accomplish this.
0
Comment
Question by:ViperZ2000
1 Comment
 
LVL 16

Accepted Solution

by:
craylord earned 500 total points
ID: 16963243
Under what credentials is the script being run? For it to query the domain you need to use domain credentials.
This can also be applied using the net localgroup command.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
C Drive Read / Write 10 132
getting access to all the files on an NTFS drive from an old machine 3 124
WinXP Unable to Print 4 98
RemoteApp Printing 5 97
Ok I have been working on this for some time having learned and gained certification in XenDesktop 4 along came version 5 which was released last month. Since then I have been working to deploy XenDesktop 5 in a small environment with only 2 virt…
Issue: Unstable cursor in Windows XP and Windows runs extremely slow in that any click will bring up the Hour glass (sometimes for several seconds before giving you what you want) . Troubleshooting Process and the FINAL FIX: This issue see…
Need to grow your business through quality cloud solutions? With everything required to build a cloud platform and solution, you may feel like the distance between you and the cloud is quite long. Help is here. Spend some time learning about the Con…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now