Can anyone please suggest a way to handle the scenario below:
We have a domain group like “LSG-SA-Server” to provide local admin access to a server. So this group needs to be added to the server's local Administrators group.
Suppose we have 2 groups “LSG-SA-Server1” and “LSG-SA-Server2”.
Server names are ‘Server1’ and ‘Server2’. I want to create a script that should automatically add the Server1 group to Server1 and the Server2 group to Server2. Can someone please guide me? I would appreciate that.
So LSG-SA-ServerX where ServerX is the server where LSG-SA-ServerX group needs admin privilege. This can be done easily if you have the list of admin groups. It can be in a file or CSV.
First, read the file/CSV.
Iterate through each of them using a foreach loop.
Use the Split() method to split out the server name; based on the pattern it will be Split("-")[-1], the last one of the split items.
Then use the Add-ADGroupMember cmdlet to add to the group.
Untested example:
$GroupList = Get-Content -Path c:\temp\GroupList.txt
foreach ($Group in $GroupList) {
    # Trim away leading and trailing white space from the file, if any
    $Group = $Group.Trim()
    # The server name is the last item after splitting on "-"
    $Server = $Group.Split("-")[-1]
    Add-ADGroupMember -Identity $Group -Members $Server
}
Thanks for your reply. However, it seems you understood this question differently. First of all, my server names also have “-” in their names, so using split as you mentioned above is not working, or we might have to tweak it more.
Second, we can’t use Get-ADGroupMember because I need to add the “LSG-SA-Server” group to the server’s local Administrators group. So either I can use Add-LocalGroupMember or, if the PS version is old, I can use ‘net localgroup’.
I wrote the code below to get this done. I am using the ‘net’ command because the servers' PS version is old and they don’t have the Add-LocalGroupMember cmdlet on the servers.
Also, the ‘net’ command can’t be used if the group name is more than 20 characters, but I have group names with less than 20 characters, so it is working fine for me. Here is my small code:
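# $servers holds the server names, $groups the domain group names
foreach ($s in $servers) {
    foreach ($g in $groups) {
        # Exact name comparison; -match would also pair Server1 with LSG-SA-Server10
        if ($g -eq "LSG-SA-$s") {
            Invoke-Command -ScriptBlock { net localgroup Administrators $using:g /add } -ComputerName $s
        }
    }
}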
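
An added example, not part of the original posts: it pairs each server with its group by stripping the “LSG-SA-” prefix from the question and comparing the rest exactly, so server names containing “-” work and Server1 is never paired with the Server10 group. The sample names, the Get-AdminGroupMap function and the $Apply switch are constructed for illustration.

```powershell
# Added example. Sample names below are constructed, not from a real environment.
$Prefix  = 'LSG-SA-'                        # naming pattern from the question
$servers = 'Server1', 'Server10', 'APP-WEB-01'
$groups  = 'LSG-SA-Server1', 'LSG-SA-Server10', 'LSG-SA-APP-WEB-01', 'LSG-SA-Orphan'

function Get-AdminGroupMap {
    param([string[]]$Servers, [string[]]$Groups, [string]$Prefix)

    # Index each group by the server name left after removing the known prefix.
    # No Split('-') and no -match, so hyphens and Server1/Server10 are handled.
    $byServer = @{}                         # PowerShell hashtable keys ignore case
    foreach ($g in $Groups) {
        $g = $g.Trim()
        if ($g.StartsWith($Prefix, [StringComparison]::OrdinalIgnoreCase)) {
            $byServer[$g.Substring($Prefix.Length)] = $g
        }
    }

    foreach ($s in $Servers) {
        $s = $s.Trim()
        if ($byServer.ContainsKey($s)) {
            New-Object PSObject -Property @{ Server = $s; Group = $byServer[$s] }
        } else {
            Write-Warning "No group named $Prefix$s; skipping $s"
        }
    }
}

# Review the pairing before anything is changed on a server.
$map = @(Get-AdminGroupMap -Servers $servers -Groups $groups -Prefix $Prefix)
$map | Format-Table Server, Group -AutoSize

$Apply = $false                             # set to $true to change the servers
if ($Apply) {
    foreach ($m in $map) {
        # -ArgumentList passes the group name without needing $using:
        Invoke-Command -ComputerName $m.Server -ArgumentList $m.Group -ScriptBlock {
            param($g)
            net localgroup Administrators $g /add
            net localgroup Administrators   # list members to confirm the result
        }
    }
}
```

With the sample data, LSG-SA-Orphan is left unpaired because no server carries that name, and the table can be reviewed before $Apply is switched on.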