ITAdminTools.com: Add Administrators to Multiple Servers Using PowerShell

How to add a user or group to the local administrators group on multiple Windows servers using a PowerShell script. It's a common task, you build some new servers, and you have to add an Active Directory group to the local administrators group to grant administrative access to some groups. Usually this is manually done by logging on to each server, opening Computer Management, and adding the group, one server at a time. Brutal.

Why not do it with PowerShell? It's not complicated. We can use the ADSI provider for PowerShell to connect to the local security accounts manager on each server and add a member to the local Administrators group.

The script reads server names from a file, servers.txt. For each server, it connects to the administrators group, and adds a member to it. The script needs to be customized for your environment. Simply replace myDomain with the name of your Active Directory domain, and replace myGroup with the name of the group you want to add.

$servers = Get-Content .\servers.txt
"Name`tStatus" | Out-File -FilePath .\results.txt
foreach ($server in $servers){
 try{
  $adminGroup = [ADSI]"WinNT://$server/Administrators"
  $adminGroup.add("WinNT://myDomain/myGroup")
  "$server`tSuccess"
  "$server`tSuccess" | Out-File -FilePath .\results.txt -Append
 }
 catch{
  "$server`t" + $_.Exception.Message.ToString().Split(":")[1].Replace("`n","")
  "$server`t" + $_.Exception.Message.ToString().Split(":")[1].Replace("`n","") | Out-File -FilePath .\results.txt -Append
 }
}

Related Posts:

16 comments:

AnonymousApril 27, 2012 at 3:42 PM
Nice solution. the piping fails and users will need to change that into a"|". Not sure how the formatting restrictions are here. I had a similar scripts, but your "catch" convinced me.
AnonymousJune 6, 2012 at 11:04 AM
The following exception occurred while retrieving member "add": "The network path was not found."
At line:6 char:18
+ $adminGroup.add <<<<
BrianJune 7, 2012 at 2:45 AM
Make sure you replace "myDomain" with whatever your domain name is. It looks like it's failing to find your domain.
AnonymousSeptember 7, 2012 at 2:59 PM
YOU ARE THE MAN! 583 servers i dont have to touch. worked great TY
AnonymousJune 18, 2014 at 5:03 PM
I am getting this message:
A member could not be added to or removed from the local group because the member does not exist.
BrianJune 22, 2014 at 4:56 PM
Make sure you're using the correct domain name and group name. There's not much else that could go wrong...
UnknownJuly 21, 2014 at 3:06 PM
great script, worked great
BellgatesJune 25, 2015 at 5:25 AM
Great Script!! Appreciated!!
AnonymousOctober 13, 2015 at 11:46 AM
this script works, thank you very much
bruceXedwardsMarch 30, 2016 at 4:13 PM
Also, this script works great for adding users to other local groups when editing line 6:

$adminGroup = [ADSI]"WinNT://$server/Performance Log Users"
AnonymousMarch 2, 2017 at 12:16 PM
THANK YOU!!
AnonymousMarch 29, 2017 at 7:57 AM
Any idea how to remove a user / group from administrators group for multiple server?? Can we append this script with

$adminGroup = [ADSI]"WinNT://$server/Administrators"
$adminGroup.delete("WinNT://myDomain/myGroup")
BrianMarch 29, 2017 at 5:32 PM
It's remove not delete. Remove is the correct method to remove a member from a group, so:

$adminGroup.remove("WinNT://myDomain/myGroup")
Praveenkumar TMarch 16, 2021 at 5:49 PM
The script is worked but i am unable save the results, any way thanks a lot
Brian SeltzerMarch 16, 2021 at 5:59 PM
The script should output to results.txt in the current directory where the script is executed. Make sure you have write access to the current directory...
vonkeswickNovember 3, 2022 at 7:25 PM
Dang this article is over like 10 years old, and it still worked exactly as I needed, thanks Brian!!