How to add a user or group to the local administrators group on multiple Windows servers using a PowerShell script. It's a common task: you build some new servers, and you have to add an Active Directory group to the local Administrators group to grant administrative access to its members. Usually this is done manually by logging on to each server, opening Computer Management, and adding the group, one server at a time. Brutal.
Why not do it with PowerShell? It's not complicated. We can use the ADSI provider for PowerShell to connect to the local security accounts manager on each server and add a member to the local Administrators group.
The script reads server names from a file, servers.txt. For each server, it connects to the administrators group, and adds a member to it. The script needs to be customized for your environment. Simply replace myDomain with the name of your Active Directory domain, and replace myGroup with the name of the group you want to add.
$servers = Get-Content .\servers.txt    # one server name per line
"Name`tStatus" | Out-File -FilePath .\results.txt    # header row, overwrites any old results
foreach ($server in $servers){
    try{
        $adminGroup = [ADSI]"WinNT://$server/Administrators"    # bind to the server's local group
        $adminGroup.add("WinNT://myDomain/myGroup")
        "$server`tSuccess"    # echo to the console, then log to the file
        "$server`tSuccess" | Out-File -FilePath .\results.txt -Append
    }
    catch{
        # keep only the text after the first colon of the error message
        "$server`t" + $_.Exception.Message.ToString().Split(":")[1].Replace("`n","")
        "$server`t" + $_.Exception.Message.ToString().Split(":")[1].Replace("`n","") | Out-File -FilePath .\results.txt -Append
    }
}
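Because this change grants administrative rights on every server in the list, it is worth reading the group back afterwards through the same WinNT provider. The following is an added example, not part of the original post: it reports whether myDomain/myGroup is present on each server and flags members outside a baseline. The allow list, the helper names, and the admin-audit.csv file name are assumptions, and servers.txt is assumed to hold short (NetBIOS) names.

```powershell
# Added example (not from the original post): audit local Administrators.
$expected = 'WinNT://myDomain/myGroup'                        # the page's placeholders
$allowed  = @($expected, 'WinNT://myDomain/Domain Admins')   # assumed baseline

function Get-LocalAdminMember {                               # hypothetical helper name
    param([Parameter(Mandatory=$true)][string]$ComputerName)
    $group = [ADSI]"WinNT://$ComputerName/Administrators,group"
    # Members() returns COM objects; read each ADsPath through reflection.
    foreach ($m in @($group.Invoke('Members'))) {
        $m.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $m, $null)
    }
}

function New-Row($server, $member, $status) {                 # hypothetical helper name
    New-Object PSObject -Property @{ Server = $server; Member = $member; Status = $status }
}

$report = foreach ($server in Get-Content .\servers.txt) {
    try {
        $paths = @(Get-LocalAdminMember -ComputerName $server)
        foreach ($p in $paths) {
            if ($p -match '^WinNT://S-1-') {
                $status = 'OrphanedSid'        # SID that no longer resolves to an account
            }
            elseif ($p -match "/$([regex]::Escape($server))/[^/]+$") {
                $status = 'LocalAccount'       # WinNT://<domain>/<server>/<name>
            }
            elseif ($allowed -contains $p) {
                $status = 'Expected'
            }
            else {
                $status = 'Review'             # domain principal outside the baseline
            }
            New-Row $server $p $status
        }
        # The add may have failed silently or been reverted; record the gap.
        if ($paths -notcontains $expected) { New-Row $server $expected 'Missing' }
    }
    catch {
        New-Row $server '' ("Error: " + $_.Exception.Message)
    }
}
$report | Select-Object Server, Member, Status | Export-Csv .\admin-audit.csv -NoTypeInformation
$report | Where-Object { 'Expected','LocalAccount' -notcontains $_.Status } |
    Format-Table Server, Member, Status -AutoSize
```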
16 comments:
Nice solution. The piping fails and users will need to change that into a "|". Not sure how the formatting restrictions are here. I had a similar script, but your "catch" convinced me.
The following exception occurred while retrieving member "add": "The network path was not found."
At line:6 char:18
+ $adminGroup.add <<<<
Make sure you replace "myDomain" with whatever your domain name is. It looks like it's failing to find your domain.
YOU ARE THE MAN! 583 servers I don't have to touch. Worked great, TY
I am getting this message:
A member could not be added to or removed from the local group because the member does not exist.
Make sure you're using the correct domain name and group name. There's not much else that could go wrong...
great script, worked great
Great Script!! Appreciated!!
this script works, thank you very much
Also, this script works great for adding users to other local groups when editing line 6:
$adminGroup = [ADSI]"WinNT://$server/Performance Log Users"
THANK YOU!!
Any idea how to remove a user / group from the administrators group on multiple servers?? Can we append this script with
$adminGroup = [ADSI]"WinNT://$server/Administrators"
$adminGroup.delete("WinNT://myDomain/myGroup")
It's remove not delete. Remove is the correct method to remove a member from a group, so:
$adminGroup.remove("WinNT://myDomain/myGroup")
The script worked, but I am unable to save the results. Anyway, thanks a lot
The script should output to results.txt in the current directory where the script is executed. Make sure you have write access to the current directory...
Dang this article is over like 10 years old, and it still worked exactly as I needed, thanks Brian!!