waltforbes
asked on
How to add domain group to a member server's local group using commandline, PowerShell, or scripting?
Points of My Scenario:
1. I must ensure a specific domain local Active Directory group is added to the local Administrators group of many member servers.
2. I must not use Restricted Groups or any other group policy option to accomplish this task (for organization reasons).
3. I have a text file list of servers to work on.
4. I don't want to have to log on to each Windows server. I would like to configure all servers from one logon session.
QUESTION: How can I add the domain local group to the local administrators group of specified member servers using the command line, PowerShell, or related script?
ASKER
I keep getting the error:
"NET LOCALGROUP
[groupname [/COMMENT:"text"]] [/DOMAIN]
groupname {/ADD [/COMMENT:"text"] | /DELETE} [/DOMAIN]
groupname name [...] {/ADD | /DELETE} [/DOMAIN]"
I searched the command net localgroup to verify the syntax. Nothing works.
I am using a Windows Server 2008 R2 computer.
Net localgroup administrators /add addomain\groupname
This has to be in an elevated command window.
ASKER
1. I am using only an elevated command window
2. The Active Directory group I'm attempting to add is a domain-local group...
Does that make a difference?
ASKER
The name of the AD group I am attempting to add:
1. has hyphens
2. has underscores
3. is 36 characters long ('addomain' not included in this count of characters)
When I created 2 test AD groups (named globalgroup and dlgroup: global & domain local, respectively), it worked!
QUESTION: How do I get this command to work given the attributes of the AD group name?
==> NOTE: I am not allowed to change the group naming convention.
Surround the group name to be added in quotes.
net localgroup /add administrators "addomain\group-name"
ASKER
1. I tried the quotes (net localgroup /add administrators "addomain\group-name"): no success
2. I tried the PowerShell option: error = "Add-LocalGroupMember: The term 'Add-LocalGroupMember' is not recognized as the name of a cmdlet, function, script file, or operable program..."
ASKER
Additional Note: I tried the PowerShell option on Windows Server 2012 R2. I also tried the net localgroup on this 2012 R2 server.
Do you get an error?
If you run
net localgroup administrators
It will list the members of the group.
ASKER CERTIFIED SOLUTION
This solution is only available to members.
ASKER
Amazing! Works BEAUTIFULLY! I bow in thanks, oBdA!
Net localgroup /add administrators addomain\groupname
Using restricted group member off is the best way.
PowerShell scripts using WMI connection that iterate through your server list...
The connection has to have the requisite rights to add, administer.
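One way to do what the thread asks from a single session, as an added example that is not part of the original thread and is not the members-only certified solution: it uses the ADSI WinNT provider (rather than WMI or Add-LocalGroupMember), checks existing membership first so repeated runs are harmless, and reports a per-server status for audit. The names `addomain`, `group-name` and `servers.txt` are placeholders, and the account running it is assumed to hold administrative rights on every listed server.

```powershell
# Added example: domain, group and file names below are placeholders.
$Domain     = 'addomain'        # NetBIOS domain name (placeholder used in the thread)
$GroupName  = 'group-name'      # AD group to add (placeholder; hyphens/underscores are fine)
$ServerList = '.\servers.txt'   # assumed file: one server name per line
$LocalGroup = 'Administrators'

$memberPath = "WinNT://$Domain/$GroupName,group"

$results = foreach ($line in (Get-Content $ServerList | Where-Object { $_.Trim() })) {
    $server = $line.Trim()
    try {
        # Bind to the local group on the remote server
        $group = [ADSI]"WinNT://$server/$LocalGroup,group"

        # Read current members so the change is idempotent and auditable
        $members = @($group.psbase.Invoke('Members')) | ForEach-Object {
            $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
        }

        if ($members -contains "WinNT://$Domain/$GroupName") {
            $status = 'AlreadyMember'
        } else {
            $group.psbase.Invoke('Add', $memberPath)
            $status = 'Added'
        }
    } catch {
        # Unreachable host, access denied, or group not resolvable
        $status = "Failed: $($_.Exception.Message)"
    }
    New-Object PSObject -Property @{ Server = $server; Status = $status }
}

# Keep this output as the change record for the privileged-group modification
$results | Select-Object Server, Status | Format-Table -AutoSize
```

Run it from an elevated PowerShell session; `net localgroup administrators` on a target server, as suggested earlier in the thread, confirms the result.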