Solved

Adding AD users with Local Administrator Rights

Posted on 2012-04-08
9
533 Views
Last Modified: 2012-05-08
Hi Windows Experts,

Can someone provide me the steps on how to assign or provide AD users with Local Admin Rights only? I'm using Windows 2008

Thanks in Advance
0
Comment
Question by:d34dp00l13
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 8

Accepted Solution

by:
big_daddy0690 earned 250 total points
ID: 37821991
0
 
LVL 21

Expert Comment

by:motnahp00
ID: 37822011
You can also try this:

net localgroup Administrators your_ad_account /add
0
 

Author Comment

by:d34dp00l13
ID: 37822032
Thanks big_daddy0690, Is this applicable to 2008? I tried to follow it, but it seems this is for 2003.

Hi motnahp00, where do I execute this? on the AD Server or on the Workstation that I want the AD user to have access rights?
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 21

Expert Comment

by:motnahp00
ID: 37822038
You can execute this from a command line on your applicable workstation or server. It will require an elevated command prompt for you to add an AD user as a local admin.
0
 
LVL 6

Expert Comment

by:jacobstewart
ID: 37822151
Does this need to be done for all users or just a one time thing?
0
 
LVL 21

Expert Comment

by:motnahp00
ID: 37822152
It's on a per user basis.
0
 
LVL 70

Expert Comment

by:KCTS
ID: 37822205
Don't do it on a per-user basis

Create a securiy group - call it something like 'LocalAdminusers'

Then use a restricted group to assign local admin rights to the group as detailed in a previous post (yes it works with 2008)

The advantage of using a group, it that is you want to modify who has local admin rights, all yiu need to do once the policy is in place is to add or remobe uses from the group to grant or demy them local admin rights.
0
 
LVL 21

Expert Comment

by:motnahp00
ID: 37822215
Nesting of domain groups to local groups is not supported with the net command.

Feel free to correct if I'm wrong to include an example.
0
 
LVL 10

Assisted Solution

by:Prashant Girennavar
Prashant Girennavar earned 250 total points
ID: 37822320
To accomplish above you have 2 options,

1. Use Restricted Groups in GPO
2. By the help of Scripts.

Using Restricted Groups in GPO.

 Please follow below link which explains about to use Restricted groups option to add domain users to local administrator account group.

http://www.windowsecurity.com/articles/using-restricted-groups.html

http://myitforum.com/cs2/blogs/rdixon/archive/2008/06/17/how-to-add-domain-accounts-to-local-administrators-group-using-gpo.aspx

Using Powershell Script.
Follow below link which include powershell script.

http://powershell.com/cs/media/p/2325.aspx

http://blogs.technet.com/b/heyscriptingguy/archive/2008/03/11/how-can-i-use-windows-powershell-to-add-a-domain-user-to-a-local-group.aspx

If I was you, then I would have configured Restricted Groups option.

Hope this helps.

Regards,

_Prashant_
0

Featured Post

[Live Webinar] The Cloud Skills Gap

As Cloud technologies come of age, business leaders grapple with the impact it has on their team's skills and the gap associated with the use of a cloud platform.

Join experts from 451 Research and Concerto Cloud Services on July 27th where we will examine fact and fiction.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
Suggested Courses

622 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question