Add members to local group of remote computers using power shell.

Hi,

I need to add a AD group to a local group (Remote Desktop User) of a lot of servers.

Can I use power shell to read a file with list of servers and add a domain group to the Remote Desktop Users (local group) of each of the server in the list?

Thanks.
nav2567Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Steven CarnahanNetwork ManagerCommented:
Microsoft TechNet has a script to add an AD User/Group to local administrators group that you can probably modify:

https://gallery.technet.microsoft.com/scriptcenter/Add-AD-UserGroup-to-Local-fe5e9239
CotillionCommented:
Wouldn't it be easier to do that via GPO and just deploy it to the servers you need?
LearnctxEngineerCommented:
Hopefully you're running an Active Directory domain. If you are then doing this using PowerShell is a terrible idea. If you're not, well than PowerShell might be your only option. If you are running Active Directory you should be looking at using a GPO to manage local groups on servers. Its very easy to do.

Someone has written an article here on EE, it's not the best so I would suggest following some guides on Petri.com. There are 2 ways to do this using GPO's:

1. Restricted Groups: https://www.petri.com/manage-local-active-directory-groups-using-group-policy-restricted-groups
2. Group Policy Preferences (GPP) - the new way: https://www.petri.com/manage-local-active-directory-groups-using-group-policy-preferences
nav2567Author Commented:
Learnctx, we cannot use GP in this case.  

Pony10us, your solution is close but we will need a script to read file server file and process the ADD.
Steven CarnahanNetwork ManagerCommented:
Perhaps something like this:

1. Create a plain text file called grouplist.txt that has each group you want to add on a separate line.
2. Create a plain text file called serverlist.txt that has each server you want to add to on a separate line.
3. Edit the 1st and 2nd line to point to where the files are located from step 1 and 2.

$ADGroups = "c:\grouplist.txt"
$servers = "c:\serverlist.txt"
$objUser = [ADSI]("WinNT://DOMAIN/$ADGroups")
$objGroup = [ADSI]("WinNT://$servers/Remote Desktop Users")
$objGroup.PSBase.Invoke("Add",$objUser.PSBase.Path)

Open in new window


Be sure and test first.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Powershell

From novice to tech pro — start learning today.