Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 542
  • Last Modified:

Adding AD users with Local Administrator Rights

Hi Windows Experts,

Can someone provide me the steps on how to assign or provide AD users with Local Admin Rights only? I'm using Windows 2008

Thanks in Advance
0
SandMan
Asked:
SandMan
2 Solutions
 
motnahp00Commented:
You can also try this:

net localgroup Administrators your_ad_account /add
0
 
SandManAuthor Commented:
Thanks big_daddy0690, Is this applicable to 2008? I tried to follow it, but it seems this is for 2003.

Hi motnahp00, where do I execute this? on the AD Server or on the Workstation that I want the AD user to have access rights?
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
motnahp00Commented:
You can execute this from a command line on your applicable workstation or server. It will require an elevated command prompt for you to add an AD user as a local admin.
0
 
jacobstewartCommented:
Does this need to be done for all users or just a one time thing?
0
 
motnahp00Commented:
It's on a per user basis.
0
 
KCTSCommented:
Don't do it on a per-user basis

Create a securiy group - call it something like 'LocalAdminusers'

Then use a restricted group to assign local admin rights to the group as detailed in a previous post (yes it works with 2008)

The advantage of using a group, it that is you want to modify who has local admin rights, all yiu need to do once the policy is in place is to add or remobe uses from the group to grant or demy them local admin rights.
0
 
motnahp00Commented:
Nesting of domain groups to local groups is not supported with the net command.

Feel free to correct if I'm wrong to include an example.
0
 
Prashant GirennavarCommented:
To accomplish above you have 2 options,

1. Use Restricted Groups in GPO
2. By the help of Scripts.

Using Restricted Groups in GPO.

 Please follow below link which explains about to use Restricted groups option to add domain users to local administrator account group.

http://www.windowsecurity.com/articles/using-restricted-groups.html

http://myitforum.com/cs2/blogs/rdixon/archive/2008/06/17/how-to-add-domain-accounts-to-local-administrators-group-using-gpo.aspx

Using Powershell Script.
Follow below link which include powershell script.

http://powershell.com/cs/media/p/2325.aspx

http://blogs.technet.com/b/heyscriptingguy/archive/2008/03/11/how-can-i-use-windows-powershell-to-add-a-domain-user-to-a-local-group.aspx

If I was you, then I would have configured Restricted Groups option.

Hope this helps.

Regards,

_Prashant_
0

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now