Add domain group to localgroup

Im trying to add a group of users into the local administrators group of workstations. The group on the domain is called "CDG - Admins", the domain is called DOM1, so I thought I could use the command:-
net localgroup administrators "DOM\GDG - Admins" /add

Open in new window


But all I get is the syntax print:-

The syntax of this command is:

NET LOCALGROUP
[groupname [/COMMENT:"text"]] [/DOMAIN]
              groupname {/ADD [/COMMENT:"text"] | /DELETE}  [/DOMAIN]
              groupname name [...] {/ADD | /DELETE} [/DOMAIN]

Any ideas what Im doing wrong?
tonelm54Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Hello ThereSystem AdministratorCommented:
Use Add-LocalGroupMember cmdlet to achieve what you want.

Example:
Add-LocalGroupMember -Group 'Testgroup' -Member ('Users','Dan','Remote Desktop Users')  -Verbose


You can also use GPO to add any domain group to local admin group. HERE
Hello ThereSystem AdministratorCommented:
Another example:
Add a Domain Group to the Local Administrators Group
$DomainGroup = "GroupName"
$LocalGroup  = "Administrators"
$Computer    = $env:computername
$Domain      = $env:userdomain
([ADSI]"WinNT://$Computer/$LocalGroup,group").psbase.Invoke("Add",([ADSI]"WinNT://$Domain/$DomainGroup").path)

Open in new window

tonelm54Author Commented:
Cant use powershell due to restrictions on the domain :-(
The 7 Worst Nightmares of a Sysadmin

Fear not! To defend your business’ IT systems we’re going to shine a light on the seven most sinister terrors that haunt sysadmins. That way you can be sure there’s nothing in your stack waiting to go bump in the night.

tonelm54Author Commented:
I can add the group in through computer management, just fed up of doing this, and wanted a command to do it
Dariusz TykaICT Infrastructure Specialist Senior Commented:
You may try
net localgroup administrators /ADD groupname "DOM\GDG - Admins" or
net localgroup administrators /ADD groupname "GDG - Admins@yourdomain.com"
Hello ThereSystem AdministratorCommented:
As I posted, you can use Group Policy...
Shaun VermaakTechnical SpecialistCommented:
Instead of GPO restricted groups, I would use GPO preferences. Process in this article
https://www.experts-exchange.com/articles/29596/Securing-Active-Directory-Administrators-Groups.html
tonelm54Author Commented:
Dont have access to group policy either :-S
Hello ThereSystem AdministratorCommented:
You cannot do it without domain admin account permissions. Are you even admin?
Lee W, MVPTechnology and Business Process AdvisorCommented:
You cannot do it without domain admin account permissions. Are you even admin?
You don't need domain admin permissions to add to a domain group to a local group.  BUT you DO Need local admin rights.

Try it without specifying the domain.  Also keep in mind, when using net localgroup, you are limited to groups with 20 characters or less.
You've given an example, but your example may not be the same that you're executing.  Posting a screenshot would be better.
https://support.microsoft.com/en-us/help/324639/net-exe-add-command-does-not-support-names-longer-than-20-characters
Ben Personick (Previously QCubed)Lead Network EngineerCommented:
So you shouldn't need the domain as you have in your command.

The following should work correctly

NET LOCALGROUP administrators "GDG - Admins" /add

Open in new window


ALSO: Make sure you have the CN of the group, NOT the Display name, (Specifically use the "Pre-Windows 2000" version of the name which is shortened to be workable with the command)

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Ben Personick (Previously QCubed)Lead Network EngineerCommented:
Hey tonelm54,

  Glad to help :)
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 10

From novice to tech pro — start learning today.