Add AD User/Group to Local Administrator Group

The script accepts either a plain text file containing a list of computer names or a single computer name as input, and adds the trustee (AD user or group) as an administrator on the specified computer(s). The script will report back errors if the account is already a member.

  • runas or like add-admin.ps1 -CurrentAdmin capabilities?
    2 Posts | Last post May 28, 2015
    • I am curious if it's possible to run this as a specific user much like the add-admin.ps1 script on the Technet does?  I have tried and failed to add that functionality to this utility but I'm afraid I'm just not very versed in Powershell...
    • Hello Dewplex,
      I am unsure what you mean, do you mean running this script with a different set of credentials? If that is what you want you could run this script using a PowerShell session, or by using Invoke-Command.
  • unexpected token error
    1 Posts | Last post November 06, 2014
    • Hello Jaap,
      I am trying to run the script but got this error:
      PS C:\Users\aarwf\documents> ".\Set-ADAccountasLocalAdministrator.ps1" -Computer -Trustee NIH\irtsecurefusion
      At line:1 char:43
      + ".\Set-ADAccountasLocalAdministrator.ps1" -Computer -Trustee NIH\irt ...
      +                                           ~~~~~~~~~
      Unexpected token '-Computer' in expression or statement.
      At line:1 char:53
      + ".\Set-ADAccountasLocalAdministrator.ps1" -Computer -Trustee NIH\irt ...
      +                                                     ~~~~~~~~~~~
      Unexpected token '' in expression or statement.
          + CategoryInfo          : ParserError: (:) [], ParentContainsErrorRecordException
          + FullyQualifiedErrorId : UnexpectedToken
      Can you please help?
  • Why doesn't your script work?
    1 Posts | Last post October 28, 2014
    • Ran your script and got:
      PS C:\Users\vision\Desktop> .\Set-ADAccountasLocalAdministrator.ps1 -Trustee vision
      C:\Users\vision\Desktop\Set-ADAccountasLocalAdministrator.ps1 : Parameter set cannot be resolved using the specified named parameters.
      At line:1 char:1
      + .\Set-ADAccountasLocalAdministrator.ps1 -Trustee vision
      + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
          + CategoryInfo          : InvalidArgument: (:) [Set-ADAccountasLocalAdministrator.ps1], ParameterBindingException
          + FullyQualifiedErrorId : AmbiguousParameterSet,Set-ADAccountasLocalAdministrator.ps1
  • Port requirements for running the script
    1 Posts | Last post July 17, 2014
    • Hi Jaap,
      May I know the port requirements for running this script? Let's say the local and target machines are on different subnets with a physical firewall in between?
      Many thanks.
  • How to delete users from local group
    1 Posts | Last post May 15, 2014
    • Hi Jaap,
      Your script to add users to the Local Admin group worked great.  How would I go about changing it to Remove Users from Local Admin group?
  • Add AD user from a text/csv file based on computername
    11 Posts | Last post March 21, 2014
    • Hi There Jaap,
      Here is my situation. Hope you can help me. I have a file that has the MAC addresses, Computernames and AD usernames. Once the laptop has joined the domain I would like to run this script where it checks the above text/csv file and adds the corresponding user (based on the computername) to the local admins group on the laptop.
      Hope this makes sense.
      Would love it if you can help out.
    • Sure, that seems relatively simple. What you can do is the following, assuming you have a csv file with columns named computername and username; if not, change it accordingly:
      Import-Csv -Path InputForLocalAdmins.csv | ForEach-Object {
         .\Set-ADAccountasLocalAdministrator.ps1 -Computer $_.computername -Trustee $_.username
      }
    • Sorry Jaap,
      Does that mean I put in the above code at the top of the script file and then run it?
    • Assuming you are in the same folder as the script you can just run the code. If you are not in the same folder you should enter the complete path of the Set-ADAccountasLocalAdministrator script.
    • Hi Jaap,
      Thanks very much for your help. Unfortunately PowerShell scripts have been disabled on the computers. I don't know if it's a GP or something else like me not enabling PS1. Either way I was wondering if you can convert it to VBScript. I know they work. So that I can still use a csv file to import the data.
      Thanks heaps mate.
    • Assuming you have domain administrative credentials you could create an OU that has policy inheritance blocked and place the computer object of your management server in there. This will allow you to execute the script. You could also check if the PowerShell execution policy is set to the correct level, verify this by typing the following:
      Set-ExecutionPolicy Unrestricted -Force
      Although it is possible to do this in vbscript I would advise getting PowerShell up and running in your environment as it is an order of magnitude more useful in a corporate environment.
    • Hi Jaap,
      Great got. Powershell working yeah!!! Thanks mate 
      "Set-ExecutionPolicy Unrestricted -Force"
      Now I come across another problem. When I run it, it sits and tries to add the usernames to their corresponding computers in the csv file around the network. Is there a way to only detect the local computerName and add the relevant userName to this current computer?
      Thanks Jaap
    • Yes you could, depending on the list of user names you would like to add to the local computer you could do something along these lines:
      Import-Csv -Path InputForLocalAdmins.csv | ForEach-Object {
         .\Set-ADAccountasLocalAdministrator.ps1 -Computer $env:computername -Trustee $_.username
      }
      This will add all usernames listed in the csv file to the current computer. I am using the environment variable computername to determine the local computer name. Is that what you meant?
    • Sorry Jaap,
      That's not what I require. If, for instance, there are 100 laptops and 100 users, I would like each of the laptops to have its corresponding user as the local administrator. I might only issue 1 or 2 laptops each month and will not know the username of the next user that will have the next laptop. The reason why I want the names there is that when I re-image (Ghost) the laptop, the user details for that particular laptop will be retrieved from the .csv file. So I don't want the script to add all the user details to all the laptops in one run, but in different runs when needed.
      computername	username
      Laptop001	User1
      Laptop002	User2
      Laptop003	User3
      Laptop004	User4
      Laptop005	User5
      Hope this makes sense. 
      Thank you so much
    • Yes that makes sense, then you can change the code to look like this:
      Import-Csv -Path InputForLocalAdmins.csv | ForEach-Object {
         .\Set-ADAccountasLocalAdministrator.ps1 -Computer $_.computername -Trustee $_.username
      }
      How does that work for you?
    • Hi Jaap!
      I'm trying to do that with a CSV file of 20 laptops and 20 different users, but when I run the script I can read "Please Input Trustee" and then "Please Imput computer name", and regarding your explanation, I understand that the process has to be automatic. Is that correct? So I don't understand where it is failing.
      CSV is so
      Computername		Username
      Computer1		8146
      Computer1	7023
      Computer1		7472
      Computer1		c2357
      Computer1		c301a
      Computer1		c243o
      Computer1		c301d
      Computer1		c3553
      Computer1		c327f
      Computer1		c343c
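
Added example (not part of the original thread or of Jaap's script): one way to apply only the CSV row that matches the machine the code runs on, which is what the thread above asks for. It assumes a tab-delimited InputForLocalAdmins.csv with computername and username headers and the script in the current folder; the variable names are illustrative.

```powershell
# Added example, not part of Set-ADAccountasLocalAdministrator.ps1.
# Assumptions: InputForLocalAdmins.csv is tab-delimited with the headers
# "computername" and "username"; the script sits in the current folder.
$csvPath    = '.\InputForLocalAdmins.csv'
$scriptPath = '.\Set-ADAccountasLocalAdministrator.ps1'

$rows = @(Import-Csv -Path $csvPath -Delimiter "`t")
if ($rows.Count -eq 0) { throw "No rows read from $csvPath" }

# Fail early if the headers did not parse. With the wrong delimiter the
# header becomes one merged column and $_.computername is always $null.
$columns = $rows[0].PSObject.Properties.Name
foreach ($required in 'computername', 'username') {
    if ($columns -notcontains $required) {
        throw "Column '$required' not found in $csvPath (found: $($columns -join ', '))"
    }
}

# Keep only the rows for the machine this runs on, so no other computer
# in the file is touched and no other user is granted admin rights here.
$mine = @($rows | Where-Object {
    $_.computername -eq $env:COMPUTERNAME -and $_.username
})

if ($mine.Count -eq 0) {
    Write-Warning "No entry for $env:COMPUTERNAME in $csvPath; nothing changed."
}
else {
    foreach ($row in $mine) {
        Write-Output "Adding $($row.username) to Administrators on $env:COMPUTERNAME"
        & $scriptPath -Computer $env:COMPUTERNAME -Trustee $row.username
    }
}
```

If the file is comma-separated instead, drop the `-Delimiter` argument; the header check reports which columns were actually parsed.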
  • What code should I put in the script?
    1 Posts | Last post March 19, 2014
    • Good afternoon, 
      I'm new in the management of scripts, and I would do this test with your script that looks sensational. Well, how do I run it in a GPO? and what parameters should I put in the file to make it work? 
      Thanks and I await response.
  • How can I run using a local admin account's credentials on a remote machine
    1 Posts | Last post February 25, 2014
    • I have a situation where I need to re-add a domain administrative account to the local administrators group on a remote computer where I know the local admin account credentials. Can I accomplish this using your script?
  • Please correct your script name and description
    1 Posts | Last post January 14, 2014
    • There are typos in your script description.
      The script name should be "Set-ADAccountasLocalAdministrator.ps1", not "Get-Set-ADAccountasLocalAdministrator.ps1.ps1". They are also located in this page and the content of the script description.
  • Adding the helpdesk domain user to local admin user group
    2 Posts | Last post January 14, 2014
    • Hi Jaap-
      I would like to know how to add the helpdesk domain user to the local admin security group on my domain? I get the following error.
      The term 'Get-Set-ADAccountasLocalAdministrator.ps1.ps1' is not recognized as the name of a cmdlet, function, script fi
      le, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and
       try again.
      At line:1 char:46
      + Get-Set-ADAccountasLocalAdministrator.ps1.ps1 <<<<  -Computer hyvjvm1 -Trustee progenics\helpdesk
          + CategoryInfo          : ObjectNotFound: (Get-Set-ADAccou...strator.ps1.ps1:String) [], CommandNotFoundException
          + FullyQualifiedErrorId : CommandNotFoundException
    • Because there is a typo in his script.
      The script name should be "Set-ADAccountasLocalAdministrator.ps1", not "Get-Set-ADAccountasLocalAdministrator.ps1.ps1"