Solved

Adding domain user to local administrators group via script

Posted on 2010-08-18
7
559 Views
Last Modified: 2012-05-10
Hi I want to automate a little chore. I have to add a small number of domain users to the local administrators group on a regular basis. This little script does exactly what I need except I have to enter the COMPUTERNAME. Instead I would like it to run on the machine currently on, I will execute this script on the physical machine, no logon scripts or GPO's involved, just off a thumbdrive or something.

strComputer = "COMPUTERNAME"
Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators")
Set objUser = GetObject("WinNT://domain/userid")
objGroup.Add(objUser.ADsPath)
strComputer = "COMPUTERNAME"
Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators")
Set objUser = GetObject("WinNT://domain/userid")
objGroup.Add(objUser.ADsPath)

So I want this to run without the need to enter the COMPUTERNAME string.

oh source:

http://blogs.technet.com/b/heyscriptingguy/archive/2004/10/08/how-can-i-add-a-domain-user-to-a-local-administrators-group.aspx

0
Comment
Question by:it_techie
  • 2
  • 2
  • 2
  • +1
7 Comments
 
LVL 83

Expert Comment

by:oBdA
ID: 33465426
Try this:

Set objShell = CreateObject( "WScript.Shell" )

strComputer = objShell.ExpandEnvironmentStrings("%ComputerName%")

Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators")

Set objUser = GetObject("WinNT://domain/userid")

objGroup.Add(objUser.ADsPath)

strComputer = "COMPUTERNAME"

Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators")

Set objUser = GetObject("WinNT://domain/userid")

objGroup.Add(objUser.ADsPath)

Open in new window

0
 
LVL 2

Accepted Solution

by:
rbartczak earned 250 total points
ID: 33465445
local computer strComputer = "."
0
 
LVL 1

Expert Comment

by:rickardc
ID: 33465510
I do exactly the same.  This is the script I use via a logon script, but it will work equally well by just running it from the machine in question
on error resume next

'option explicit

dim hostname

dim LocalGroup

dim DomainUsername(1)

dim DomainGroupName(1)

dim Domain



LocalGroup="Administrators"									'The local group you need to add users to

DomainName="XXXXXXX ENTER YOUR DOMAIN HERE XXXXXXXXX"										'NETBIOS name of the domain where to get the domain users and groups

'*********************************************************************************************

'												Add as many domain users or groups to these arrays

DomainUsername(1)=""



DomainGroupName(1)="Domain Users"

'DomainGroupName(2)="Contractors"

'*********************************************************************************************



set ws = Wscript.Createobject ("Wscript.Shell")							'Get the hostname of the local PC

Hostname = ws.ExpandEnvironmentStrings("%COMPUTERNAME%")





set ADGroup = GetObject ("WinNT://" & hostname & "/Administrators,group")			'get the local admin group

if err.number <> 0  then

	'msgbox err.description

else

	'msgbox "Got local group"

end if



for i = 1 to ubound(DomainGroupName)								'Add the domain group(s)

	if DomainGroupName(i) <> "" then								

		adgroup.add ("winnt://" & DomainName & "/" & DomainGroupName(i) & ",group")

		'msgbox "winnt://" & DomainName & "/" & DomainGroupName(i) & ",group"

		if err.number <> 0  then

			'msgbox err.description

		else

			'msgbox "added group"

		end if

	end if

next



for i = 1 to ubound(DomainUsername)								'Add the domain user(s)

	if DomainUsername(i) <> "" then	

		adgroup.add ("winnt://" & DomainName & "/" & DomainUsername(i) & ",user")

		'msgbox "winnt://" & DomainName & "/" & DomainUsername(i) & ",user"

		if err.number <> 0  then

			'msgbox err.description

		else

			'msgbox "added user"

		end if

	end if

next

Open in new window

0
 

Author Comment

by:it_techie
ID: 33465711
rbartczak: that works..plain & simple

rickardc:how would that look, with for example domain fabrikam.com and users:

lda24454
nsa45675
ndd36456

Does the extra code give me any added functionality

p.s. by the looks of your script I would still need to enter a computername?
0
 

Author Comment

by:it_techie
ID: 33465813
strComputer = "."
Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators")
Set objUser = GetObject("WinNT://domain/userid")
objGroup.Add(objUser.ADsPath)
strComputer = "."
Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators")
Set objUser = GetObject("WinNT://domain/userid")
objGroup.Add(objUser.ADsPath)

This crashes if a user is already a member of the administrators group, any way for the script to continue regardless?
0
 
LVL 1

Expert Comment

by:rickardc
ID: 33466149
This line gets the name of the computer you run it on.
Hostname = ws.ExpandEnvironmentStrings("%COMPUTERNAME%")

most of the "extra code" is for error checking.  This script also allows you to add more than one user to the group.  As it is, it will add domain users, and could also add contractors (which is commented out at the moment)
0
 
LVL 83

Assisted Solution

by:oBdA
oBdA earned 250 total points
ID: 33466151
For the sake of completeness: I forgot to remove line 6 ("strComputer = "COMPUTERNAME"") when copying and pasting your script. And assuming you want to add two users, you actually don't need the second "Set ObjGroup=" line, either.
To continue with the script (once you've tested it) add
On Error Resume Next

On Error Resume Next

Set objShell = CreateObject("WScript.Shell")

strComputer = objShell.ExpandEnvironmentStrings("%ComputerName%")

Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators")

Set objUser = GetObject("WinNT://domain/userid")

objGroup.Add(objUser.ADsPath)

Set objUser = GetObject("WinNT://domain/userid")

objGroup.Add(objUser.ADsPath)

Open in new window

0

Join & Write a Comment

Deploying a Microsoft Access application in a Citrix environment is not difficult but takes a few steps. However, Citrix system people are often of little help, as they typically know next to nothing about Access. The script provided here will take …
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now