How to Add Domain Account on Local Administrator Group
Hi Member,
I am going to perform intraforest migration and i m using ADMT V3.2
For ADMT V3.2 there is below mention requirement
I need to add target "admin" id on every local machine administrator group to fullfill this requirment of Active directory migration i found one way which is restricted group feature but problem is that we have some users whose are on this local administrator group already on local machines because some applications need admin rights so kindly tell me any idea how can i add my target domain user to local machine administrator group
Thanks & Regards
Osama Mansoor
I am going to perform intraforest migration and i m using ADMT V3.2
For ADMT V3.2 there is below mention requirement
I need to add target "admin" id on every local machine administrator group to fullfill this requirment of Active directory migration i found one way which is restricted group feature but problem is that we have some users whose are on this local administrator group already on local machines because some applications need admin rights so kindly tell me any idea how can i add my target domain user to local machine administrator group
Thanks & Regards
Osama Mansoor
Instead, there is a much easier way to accomplish what you want:
Set a startup script in group policy with the following line:
NET localgroup Administrators /add "domain_name\domain_group
That's it....the next time the computers are started, the group will be added to the local admin group.
Instead of group you can mention userid as below
NET localgroup Administrators /add "domain_name\domain_Userid
You can also use restricted group GPO,refer this link:http://www.windowsecurity.com/articles/Using-Restricted-Groups.html
Hope this helps
Set a startup script in group policy with the following line:
NET localgroup Administrators /add "domain_name\domain_group
That's it....the next time the computers are started, the group will be added to the local admin group.
Instead of group you can mention userid as below
NET localgroup Administrators /add "domain_name\domain_Userid
You can also use restricted group GPO,refer this link:http://www.windowsecurity.com/articles/Using-Restricted-Groups.html
Hope this helps
ASKER
Members,
I have Tried to through restricted group but problem is that some users who have added in administrator group of local machine removed after applying restricted group GPO
and
NET localgroup Administrators /add "domain_name\domain_Userid
Save as localadmin.bat
and add on startup script but not working
Kindly Help ?
Regards,
Osama Mansoor
I have Tried to through restricted group but problem is that some users who have added in administrator group of local machine removed after applying restricted group GPO
and
NET localgroup Administrators /add "domain_name\domain_Userid
Save as localadmin.bat
and add on startup script but not working
Kindly Help ?
Regards,
Osama Mansoor
You can configure the GPPrefs to add, change membership, or even remove all users in the group.
Philip
Philip
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks For you Always Help But my problem resolved by Following method
Using GPO From Target Domain :
The command for the batch file that would be the startup script would be:
net localgroup administrators DOMAIN\UserName /add
Save as VBScript.bat
Thanks
Using GPO From Target Domain :
The command for the batch file that would be the startup script would be:
net localgroup administrators DOMAIN\UserName /add
Save as VBScript.bat
Thanks
Group Policy Client Side Extensions need to be installed on Vista and below to accept the GPPref delivered changes.
It is a machine level GPPref so GPUpdate /Force plus reboot or 90 minutes to take plus a reboot.
Philip