Hey Guys,
I have a particular problem that I am struggling to solve.
I am running a script as local administrator (it needs to be), in which I write a given AD user into the local Remote Desktop Users group. But because I am local administrator, the AD won't let me write it.
Our AD is very strict, so it only talks with AD users. // It cannot be a hard-coded tech user, for security reasons…
Is there a way to only write the name, without matching it against the AD, if it exists?
I hope you can understand what I am trying to say… English is not my mother tongue…
Here is the part from my script:
# I built a little overlay where you can type in the user that should be able to connect via RDP
$ButtonAdd.Add_Click({
    # resolve the localized name of the group with the static (well-known) SID S-1-5-32-555 = Remote Desktop Users
    $objSID = New-Object System.Security.Principal.SecurityIdentifier("S-1-5-32-555")
    $Group  = (($objSID.Translate([System.Security.Principal.NTAccount])).Value).Split("\")[1]
    # get the domain of the current logon session
    $domain = $env:USERDOMAIN
    # get the username(s) typed into the text box
    foreach ($user in $TextBox1.Text) {
        try {
            # add the domain user to the local Windows group via the WinNT ADSI provider
            $de = ([ADSI]"WinNT://localhost/$Group,group").Add("WinNT://$domain/$user")
            # refresh the user list shown in the overlay
            Update-UserList
            # display a short notice that adding the user was successful
            $TextBoxStat.Text = "Erfolgreich hinzugefügt"
            Start-Sleep -Seconds 1
            $TextBoxStat.Text = ""
        } catch {
            # display info about the failure
            $TextBoxStat.Text = "User konnte nicht der lokalen Windows-Gruppe hinzugefügt werden"
            Start-Sleep -Seconds 2
            $TextBoxStat.Text = ""
        }
    }
})