Submitted By: Anonymous Submission

Adds a user or domain group to a local group by referencing the SID of the object being added. Note that there is no validation of the SID at runtime.

Visual Basic
Edit|Remove
On Error Resume Next

Const ERR_ALREADY_MEMBER=&h80070562

strComputer = "."
strGroup = "Administrators"
'replace SID below with SID of user to add
strSID = "S-1-5-21-123456789-876543210-975318642-12345"

Set objUser=GetObject("WinNT://" & strSID)
If Err Then
	WScript.StdErr.Write "ERROR: Invalid SID " & strSID & VbCrLf
	WScript.Quit 1
End If

Set objGroup=GetObject("WinNT://" & strComputer & "/" & strGroup & ",group")
If Err Then
	WScript.StdErr.Write "ERROR: Can't open group " & strComputer & "\" & strGroup & ": 0x" & Hex(Err.Number) & vbCrLf
	WScript.Quit 1
End If

objGroup.Add objUser.ADsPath
If Err Then
	If Err.Number = ERR_ALREADY_MEMBER Then
		WScript.StdErr.Write "ERROR: SID " & strSID & " is already a member of " & strComputer & "\" & strGroup & VbCrLf
	Else
		WScript.StdErr.Write "ERROR: Can't add SID " & strSID & ":  0x" & Hex(Err.Number) & VbCrLf
	End If
Else
	WScript.StdErr.Write "Success: Added " & strSID & " to " & strComputer & "\" & strGroup & VbCrLf
End If