Local Admin Privilege in Windows 2012 AD

I have an AD in Windows 2012 R2. Need to give few AD users local admin privilege in their local machines without giving admin privilege domainwise. How easy this can be done without going to each and every pc and add them to the local admin group.
shamnadAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Will SzymkowskiSenior Solution ArchitectCommented:
You can accomplish this by using Restricted Groups.

Configure Restricted Groups
https://technet.microsoft.com/en-us/library/cc756802(v=ws.10).aspx

Will.
TemodyPickalbatros, IT ManagerCommented:
You have to do it on the PC locally.  Sign in as Domain admin and right click "(My) Computer" and choose manage.  

Choose Local Users and Groups

Choose Groups

Choose administrators

add the user there
JC2010ceCommented:
you can use this powershell script to create the user "admin" (can be changed) and create a random password.  The script will then email the results to the email addresses you specify.  Note: you will have to enter the "smtp server" "from" and "reply to" information.

pupdate_em.ps1



#password length
$length = 8

$numberOfNonAlphanumericCharacters = 2

#generate password
Add-Type -Assembly System.Web
$rpass = [Web.Security.Membership]::GeneratePassword($length,$numberOfNonAlphanumericCharacters)
#ensure a capital/lower case letters
$capV = "Vv"
$rpass = $capV += $rpass

#determine current computer name
$compname = gc env:computername
Write-Host $compname

#determine if admin account exists
if ([adsi]::Exists(“WinNT://$compname/Admin”))
{
    #if yes, set generated password
    ([adsi]“WinNT://$compname/Admin”).SetPassword(“$rpass”)
}
else
{
    #if not, create "admin" account, add to admin group, set new pass
    $objOu = [ADSI]"WinNT://$compname"
    $objNuser = $objOU.Create("User", "Admin")
    $objNuser.setpassword($rpass)
    $objNuser.SetInfo()
    $group = [ADSI]("WinNT://"+$compname+"/administrators,group")
    $group.add("WinNT://$compname/admin,user")
}

#email results

$smtpserver = ""
$msg = New-Object Net.Mail.MailMessage
$smtp = New-Object Net.Mail.SmtpClient($smtpServer)

$msg.From = ""
$msg.ReplyTo = ""
$msg.To.Add("")
$msg.To.Add("")
$msg.To.Add("")
$msg.subject = "New admin password received"
$msg.body = "$compname
$rpass"

$smtp.Send($msg)
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.