DSC Script for adding a Domain group to local administrators group


I am looking for a simple DSC script (using Group Resource) which can be used to add multiple AD groups in to local administrators on multiple servers. Could someone pls help

Please see if below works for you in a test environment. You’ll need to work with certificates to properly secure the credential password.

Configuration AddGroupMembers {

    param (



    Import-DscResource -ModuleName PSDesiredStateConfiguration -Name Group

    Node $AllNodes.NodeName { 
        Group AddGroupMembers {
            Ensure = 'Present'
            GroupName = $GroupName
            MembersToInclude = $MembersToInclude
            Credential = $Credential

$ConfigData = @{
    AllNodes = @(
            # the name of the target node
            NodeName = 'localhost'

            # This is not recommended, only for testing purposes. Replace with Thumbprint and CertificateFile after testing.
            PsDscAllowPlainTextPassword = $true

            # Suppress warning: It is not recommended to use domain credential ...
            PSDscAllowDomainUser = $true

$AddParams = @{
    GroupName = 'Event Log Readers'
    MembersToInclude = 'DOMAIN\my-group'
    Credential = (Get-Credential -Credential 'DOMAIN\admin user')
    ConfigurationData = $ConfigData
AddGroupMembers @AddParams

I hope that helps to get started. Additional details regarding the encryption can be found here: https://msdn.microsoft.com/en-us/powershell/dsc/secureMOF

The online documentation for the Group resource is here: https://msdn.microsoft.com/en-us/powershell/dsc/groupresource