Add domain group to localgroup

Im trying to add a group of users into the local administrators group of workstations. The group on the domain is called "CDG - Admins", the domain is called DOM1, so I thought I could use the command:-
net localgroup administrators "DOM\GDG - Admins" /add

Open in new window


But all I get is the syntax print:-

The syntax of this command is:

NET LOCALGROUP
[groupname [/COMMENT:"text"]] [/DOMAIN]
              groupname {/ADD [/COMMENT:"text"] | /DELETE}  [/DOMAIN]
              groupname name [...] {/ADD | /DELETE} [/DOMAIN]

Any ideas what Im doing wrong?
tonelm54Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Hello ThereSystem AdministratorCommented:
Use Add-LocalGroupMember cmdlet to achieve what you want.

Example:
Add-LocalGroupMember -Group 'Testgroup' -Member ('Users','Dan','Remote Desktop Users')  -Verbose


You can also use GPO to add any domain group to local admin group. HERE
0
Hello ThereSystem AdministratorCommented:
Another example:
Add a Domain Group to the Local Administrators Group
$DomainGroup = "GroupName"
$LocalGroup  = "Administrators"
$Computer    = $env:computername
$Domain      = $env:userdomain
([ADSI]"WinNT://$Computer/$LocalGroup,group").psbase.Invoke("Add",([ADSI]"WinNT://$Domain/$DomainGroup").path)

Open in new window

0
tonelm54Author Commented:
Cant use powershell due to restrictions on the domain :-(
1
Cloud Class® Course: Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

tonelm54Author Commented:
I can add the group in through computer management, just fed up of doing this, and wanted a command to do it
0
Dariusz TykaICT Infrastructure Specialist Senior Commented:
You may try
net localgroup administrators /ADD groupname "DOM\GDG - Admins" or
net localgroup administrators /ADD groupname "GDG - Admins@yourdomain.com"
0
Hello ThereSystem AdministratorCommented:
As I posted, you can use Group Policy...
0
Shaun VermaakTechnical Specialist/DeveloperCommented:
Instead of GPO restricted groups, I would use GPO preferences. Process in this article
https://www.experts-exchange.com/articles/29596/Securing-Active-Directory-Administrators-Groups.html
0
tonelm54Author Commented:
Dont have access to group policy either :-S
1
Hello ThereSystem AdministratorCommented:
You cannot do it without domain admin account permissions. Are you even admin?
0
Lee W, MVPTechnology and Business Process AdvisorCommented:
You cannot do it without domain admin account permissions. Are you even admin?
You don't need domain admin permissions to add to a domain group to a local group.  BUT you DO Need local admin rights.

Try it without specifying the domain.  Also keep in mind, when using net localgroup, you are limited to groups with 20 characters or less.
You've given an example, but your example may not be the same that you're executing.  Posting a screenshot would be better.
https://support.microsoft.com/en-us/help/324639/net-exe-add-command-does-not-support-names-longer-than-20-characters
0
Ben Personick (Previously QCubed)Lead Network EngineerCommented:
So you shouldn't need the domain as you have in your command.

The following should work correctly

NET LOCALGROUP administrators "GDG - Admins" /add

Open in new window


ALSO: Make sure you have the CN of the group, NOT the Display name, (Specifically use the "Pre-Windows 2000" version of the name which is shortened to be workable with the command)
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Ben Personick (Previously QCubed)Lead Network EngineerCommented:
Hey tonelm54,

  Glad to help :)
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 10

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.