Add Administrators to Multiple Servers Using PowerShell

This post shows how to add a user or group to the local Administrators group on multiple Windows servers using a PowerShell script.  It's a common task: you build some new servers, and you have to add an Active Directory group to the local Administrators group to grant that group administrative access.  Usually this is done manually by logging on to each server, opening Computer Management, and adding the group, one server at a time.  Brutal.

Why not do it with PowerShell?  It's not complicated.  We can use the ADSI provider for PowerShell to connect to the local security accounts manager on each server and add a member to the local Administrators group.

The script reads server names from a file, servers.txt.  For each server, it connects to the administrators group, and adds a member to it.  The script needs to be customized for your environment.  Simply replace myDomain with the name of your Active Directory domain, and replace myGroup with the name of the group you want to add.

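$servers = Get-Content .\servers.txt    # one server name per line
"Name`tStatus" | Out-File -FilePath .\results.txt    # header row; overwrites any previous results
foreach ($server in $servers){
 try{
  $adminGroup = [ADSI]"WinNT://$server/Administrators"    # bind to the server's local group
  $adminGroup.add("WinNT://myDomain/myGroup")    # replace myDomain and myGroup
  "$server`tSuccess"
  "$server`tSuccess" | Out-File -FilePath .\results.txt -Append
 }
 catch{
  # Report the text after the first colon of the exception message, or the whole message if it has no colon
  $parts = $_.Exception.Message.ToString().Split(":")
  if ($parts.Length -gt 1) { $message = $parts[1] } else { $message = $parts[0] }
  $message = $message.Replace("`n","")
  "$server`t$message"
  "$server`t$message" | Out-File -FilePath .\results.txt -Append
 }
}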
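
To confirm the change afterwards, the same WinNT provider can read the group back. The following is an added example, not part of the original script: for each server in servers.txt it lists the members of the local Administrators group and records whether myDomain/myGroup is present and which other members exist. The output file audit.txt and the variable names are assumptions.

```powershell
# Added example, not part of the original script.
# Assumed names: myDomain/myGroup (placeholders as above), audit.txt (output file).
$expected = "WinNT://myDomain/myGroup"
$servers = Get-Content .\servers.txt | Where-Object { $_.Trim() -ne "" }
"Name`tStatus`tOtherMembers" | Out-File -FilePath .\audit.txt
foreach ($server in $servers) {
    try {
        $adminGroup = [ADSI]"WinNT://$server/Administrators"
        # Members returns COM objects; read each one's ADsPath by late binding
        $members = @($adminGroup.psbase.Invoke("Members")) | ForEach-Object {
            $_.GetType().InvokeMember("ADsPath", "GetProperty", $null, $_, $null)
        }
        # -contains and -ne compare strings case-insensitively
        $status = if ($members -contains $expected) { "Present" } else { "Missing" }
        $others = @($members | Where-Object { $_ -ne $expected }) -join "; "
        $line = "$server`t$status`t$others"
    }
    catch {
        # Unreachable server or access denied: record the error instead of a status
        $line = "$server`tError`t" + $_.Exception.Message.Replace("`n", " ")
    }
    $line
    $line | Out-File -FilePath .\audit.txt -Append
}
```

Any entry under OtherMembers that you do not recognize is worth reviewing, since every member of this group has full administrative rights on that server.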

16 comments:

Anonymous said...

Nice solution. The piping fails and users will need to change that into a "|". Not sure how the formatting restrictions are here. I had a similar script, but your "catch" convinced me.

Anonymous said...

The following exception occurred while retrieving member "add": "The network path was not found."
At line:6 char:18
+ $adminGroup.add <<<<

Brian said...

Make sure you replace "myDomain" with whatever your domain name is. It looks like it's failing to find your domain.

Anonymous said...

YOU ARE THE MAN! 583 servers I don't have to touch. Worked great, TY

Anonymous said...

I am getting this message:
A member could not be added to or removed from the local group because the member does not exist.

Brian said...

Make sure you're using the correct domain name and group name. There's not much else that could go wrong...

Unknown said...

great script, worked great

Bellgates said...

Great Script!! Appreciated!!

Anonymous said...

this script works, thank you very much

bruceXedwards said...

Also, this script works great for adding users to other local groups when editing line 6:

$adminGroup = [ADSI]"WinNT://$server/Performance Log Users"

Anonymous said...

THANK YOU!!

Anonymous said...

Any idea how to remove a user / group from the administrators group for multiple servers?? Can we append this script with

$adminGroup = [ADSI]"WinNT://$server/Administrators"
$adminGroup.delete("WinNT://myDomain/myGroup")

Brian said...

It's remove not delete. Remove is the correct method to remove a member from a group, so:

$adminGroup.remove("WinNT://myDomain/myGroup")

Praveenkumar T said...

The script worked but I am unable to save the results, anyway thanks a lot

Brian Seltzer said...

The script should output to results.txt in the current directory where the script is executed. Make sure you have write access to the current directory...

vonkeswick said...

Dang this article is over like 10 years old, and it still worked exactly as I needed, thanks Brian!!
