Add AD User/Group to Local Administrator Group

The script accepts either a single computer name or a plain text file containing a list of computer names as input, and adds the trustee (AD user or group) as an administrator on the specified computer(s). The script reports an error if the account is already a member.

  • Looking for remove profile from multiple servers except user from Administrator group
    1 Posts | Last post December 17, 2016
    • Hi Jaap,
      I am looking for a remove-profile script which deletes all profiles except those of users who belong to the administrators of that server.
      I have one script, but it does not exclude the administrators group from the remote server.
      Could you please help me in this case?
      Thank You.
  • Generating Output File
    1 Posts | Last post November 15, 2016
    • Dear Jaap,
      First off, thanks for the script. Works great and is making management so much better. I was trying to pipe the output to a text file. The file gets created, but the results are not recorded. Here is my syntax:
      .\Set-ADAccountasLocalAdministrator.ps1 -InputFile D:\BDOC\SQLServers.txt -Trustee\svccmvsqlb > D:\BDOC\Results.txt
      Can the results be outputted this way, or does that need to be defined in the .ps1 file itself? 
      Thank You
  • Single line command to remove AD group from local admin
    1 Posts | Last post November 07, 2016
    • Dear Jaap,
      I would require your help. I need to remove one AD group from the local administrator of a server. I need a PowerShell command for that. I tried the below, but it didn't work :-(
      " .\Set-ADAccountasLocalAdministrator.ps1 -Computer -Trustee E3027081 "
      Can you please help me in this regard?
      Thanks in advance.
      Naveen M
  • AutoSelect Computer Name & Hard Code group
    2 Posts | Last post September 07, 2016
    • Jaap - this script is perfect. Just wanted to ask how I would go about hard coding the AD Group and auto-input for the computer name as the device that I am running this on. 
      Looking to apply this script as part of an imaging process step. 
      Thank you,
    • Hello Jeremiah,
      If you want to add the same user group to any computer that is deployed you could run the script as such:
      .\Set-ADAccountasLocalAdministrator.ps1 -Computer $env:computername -Trustee Contoso\JaapBrasser
      Note that this would only work if the computer is already domain joined. If you would like to hardcode this into the script you could remove lines 47-50 and change lines 52 and 54 to this:
              $Computer = $env:computername,
              $Trustee = 'contoso\jaapbrasser'
      Let me know how that works for you.
      Jaap Brasser
  • "The network path was not found." Need help troubleshooting
    4 Posts | Last post August 23, 2016
    • Hello Mr. Brasser,
      I'm getting the connectivity issue (WARNING: The following exception occurred while retrieving member "add": "The network path was not found.") but I can't seem to hone in on the cause. I've tried disabling the firewall as well as enabling PS remoting on both machines. I can also ping the hostname and IP without issue. Could I use the IP instead of the hostname in your script? Your script works when I run it locally using my hostname as the computer name, but when I try it on a different machine on the domain it throws that error.
      I am running a script test.ps1 (which is Set-ADAccountasLocalAdministrator.ps1) from a different script. But basically, I have this line where I need the user to be made localadmin on the computer. $PSDir is the parent directory of test.ps1 and hostname and username are global vars.
      Invoke-Expression "$PSDir\test.ps1 -Computer $Global:hn -Trustee $Global:user"
      Any ideas you have would be incredibly helpful!
      Thank you,
    • Hello Don,
      This error seems to be a connectivity issue, so for the other computer can you verify the following:
      - Is it on the same subnet
      - Is there a firewall active on either system that might be blocking this traffic
      - Can you ping the system
      - Can you run any other cmdlet against this system (for example run: Get-Service -ComputerName YourOtherComputer)
      Let me know the results and perhaps we can pinpoint what the problem is exactly.
      Jaap Brasser
    • Hello Mr. Brasser,
      1. Is it on the same subnet - Yes on the same subnet.
      2. Is there a firewall active on either system that might be blocking this traffic - YES but it is off for testing.
      3. Can you ping the system - Yes I can ping the system! (I can also remote into the system via RDC)
      4. Can you run any other cmdlet against this system (for example run: Get-Service -ComputerName YourOtherComputer) - No when I run this I get this:
      Get-Service : Cannot open Service Control Manager on computer 'machine2'.
      This operation might require other privileges.
      At C:\Users\******\Desktop\makeAdminv3.ps1:88 char:1
      + Get-Service -ComputerName $Global:hn
      + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          + CategoryInfo          : NotSpecified: (:) [Get-Service], InvalidOperatio
          + FullyQualifiedErrorId : System.InvalidOperationException,Microsoft.Power
      Thank you,
    • This seems to be a privileges issue. So what is the relation between the system that you are running this on and the one you want to add the administrative user on? Are they both members of the same domain? If so, make sure you use an account that has administrative privileges on the target machine to execute this script to ensure that it works.
      Jaap Brasser
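The checks walked through in the "network path was not found" thread above, collected into one read-only pre-flight function. This is an added example, not part of the original script or of any post. `Test-LocalAdminTarget` is a hypothetical name, and the code assumes the script works through the ADSI WinNT provider (which the 'retrieving member "add"' warning suggests), that this provider needs TCP 445 to the target, and that the group carries its English name.

```powershell
# Added example (hypothetical function name); it only reads group membership.
function Test-LocalAdminTarget {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)][string]$Computer,
        [Parameter(Mandatory)][string]$Trustee   # DOMAIN\name, e.g. 'Contoso\JaapBrasser'
    )
    process {
        $result = [ordered]@{
            Computer = $Computer; Resolves = $false; Port445 = $false
            CanReadGroup = $false; AlreadyMember = $null; Error = $null
        }
        try {
            # 1. Name resolution for the target.
            [void][System.Net.Dns]::GetHostEntry($Computer)
            $result.Resolves = $true

            # 2. A successful ping only proves ICMP; test the TCP port itself.
            #    Assumption: the WinNT provider reaches the remote SAM over SMB (445).
            $result.Port445 = Test-NetConnection -ComputerName $Computer -Port 445 `
                -InformationLevel Quiet -WarningAction SilentlyContinue
            if (-not $result.Port445) { throw 'TCP 445 is not reachable' }

            # 3. Bind to the group and list its members. An access-denied error
            #    here points at privileges rather than at the network.
            #    Assumption: the group is named 'Administrators' (English systems).
            $group = [ADSI]"WinNT://$Computer/Administrators,group"
            $paths = @($group.psbase.Invoke('Members')) | ForEach-Object {
                $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
            }
            $result.CanReadGroup = $true

            # Domain members are listed as WinNT://DOMAIN/name; -eq ignores case.
            $wanted = 'WinNT://' + $Trustee.Replace('\', '/')
            $result.AlreadyMember = [bool]($paths | Where-Object { $_ -eq $wanted })
        }
        catch {
            # Keep the message so the failing step can be told apart per computer.
            $result.Error = $_.Exception.Message
        }
        [pscustomobject]$result
    }
}
```

Because the function returns objects, a list of computer names can be piped into it and the results passed on to `Export-Csv` or `Format-Table`.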
  • How to add multiple users ?
    2 Posts | Last post August 22, 2016
    • The script works excellently for me. But how to add multiple users to this?
    • You could run through a loop with the script, for example:
      'user1','user2','user3' | ForEach-Object {.\Set-ADAccountasLocalAdministrator.ps1 -Computer Server01 -Trustee $_}
      Let me know how that works out for you!
  • Using same script to remove user
    4 Posts | Last post August 15, 2016
    • Excellent script works great, how can I use the same script to remove the user? I was trying to make some changes but had no success.
      Many Thanks
    • Hello Jawano,
      I have uploaded an updated version of this script that also allows for deletions. Have a look at the following script:
    • Many Thanks ...
    • No problem jawano, let me know if you have any feedback on the new script.
      Jaap Brasser
  • Can this be amended to add users to Remote Desktop Users group?
    2 Posts | Last post July 28, 2016
    • Can this script be amended to add users to the remote desktop users group? 
    • Sure, I created an updated version of this script, Add-ADaccounttoRDPUser:
      Let me know how that works for you and feel free to leave comments on it over there.
      Jaap Brasser
  • Not recognized as a cmdlet, function, etc...
    3 Posts | Last post July 19, 2016
    • I've tried running this several times (trying to add an AD group to the local admin group), but get the following error:
      Set-ADAccountasLocalAdministrator.ps1 -InputFile "C:\camservers.txt" -Trustee "mydomain\Camera Server Admins"
      Set-ADAccountasLocalAdministrator.ps1 : The term 'Set-ADAccountasLocalAdministrator.ps1' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path 
      is correct and try again.
      At line:1 char:1
      + Set-ADAccountasLocalAdministrator.ps1 -InputFile "C:\camservers.txt"  ...
      + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          + CategoryInfo          : ObjectNotFound: (Set-ADAccountasLocalAdministrator.ps1:String) [], CommandNotFoundException
          + FullyQualifiedErrorId : CommandNotFoundException
      Any assistance is appreciated!
    • Never mind, I answered my own question - I didn't define it in my current working directory.
    • Excellent, thanks for checking back J. Ellington and I hope you enjoy using the script!
      Jaap Brasser
  • space in domain name
    3 Posts | Last post July 13, 2016
    • Hello,
      What about if we have a space in domain group name ?
      Set-ADAccountasLocalAdministrator.ps1 : A positional parameter cannot be found that a
      ccepts argument 'XXX'.
      At line:1 char:40
      + .\Set-ADAccountasLocalAdministrator.ps1 <<<<  -Computer YYY -Trustee AD\Domain-DL XXX
          + CategoryInfo          : InvalidArgument: (:) [Set-ADAccountasLocalAdministrator.ps1], ParameterBindingException
          + FullyQualifiedErrorId : PositionalParameterNotFound,Set-ADAccountasLocalAdministrator.ps1
    • Sorry,
      there was no question :) 
      "AD\Domain-DL XXX"
    • No problem, indeed in PowerShell if you have spaces in an argument you wish to pass into a parameter you have a number of options:
      .\Set-ADAccountasLocalAdministrator.ps1 -Computer YYY -Trustee "AD\Domain-DL XXX"
      .\Set-ADAccountasLocalAdministrator.ps1 -Computer YYY -Trustee 'AD\Domain-DL XXX'
      .\Set-ADAccountasLocalAdministrator.ps1 -Computer YYY -Trustee AD\Domain-DL` XXX
      $Trustee='AD\Domain-DL XXX';.\Set-ADAccountasLocalAdministrator.ps1 -Computer YYY -Trustee $Trustee