none
The script is not giving any output RRS feed

  • General discussion

  • Hi - I tried using Add AD user/group to Local Administrator Group  however when I am using it via computerlist.txt file, it's not working and neither giving any error after executing. Please advice.
    • Changed type Bill_Stewart Wednesday, February 14, 2018 7:12 PM
    • Moved by Bill_Stewart Wednesday, February 14, 2018 7:12 PM Abandoned
    Wednesday, December 27, 2017 7:22 AM

All replies

  • Without your script your question is meaningless.

    \_(ツ)_/

    Wednesday, December 27, 2017 7:53 AM
  • My Bad :-)

    here is the script content.

    #>
    param(
        [Parameter(ParameterSetName='InputFile')]
        [string]
            $InputFile,
        [Parameter(ParameterSetName='Computer')]
        [string]
            $Computer,
        [string]
            $Trustee
    )
    <#
    .SYNOPSIS
        Function that resolves SAMAccount and can exit script if resolution fails
    #>
    function Resolve-SamAccount {
    param(
        [string]
            $SamAccount,
        [boolean]
            $Exit
    )
        process {
            try
            {
                $ADResolve = ([adsisearcher]"(samaccountname=$Trustee)").findone().properties['samaccountname']
            }
            catch
            {
                $ADResolve = $null
            }

            if (!$ADResolve) {
                Write-Warning "User `'$SamAccount`' not found in AD, please input correct SAM Account"
                if ($Exit) {
                    exit
                }
            }
            $ADResolve
        }
    }

    if (!$Trustee) {
        $Trustee = Read-Host "Please input trustee"
    }

    if ($Trustee -notmatch '\\') {
        $ADResolved = (Resolve-SamAccount -SamAccount $Trustee -Exit:$true)
        $Trustee = 'WinNT://',"$env:userdomain",'/',$ADResolved -join ''
    } else {
        $ADResolved = ($Trustee -split '\\')[1]
        $DomainResolved = ($Trustee -split '\\')[0]
        $Trustee = 'WinNT://',$DomainResolved,'/',$ADResolved -join ''
    }

    if (!$InputFile) {
        if (!$Computer) {
            $Computer = Read-Host "Please input computer name"
        }
        [string[]]$Computer = $Computer.Split(',')
        $Computer | ForEach-Object {
            $_
            Write-Host "Adding `'$ADResolved`' to Administrators group on `'$_`'"
            try {
                ([ADSI]"WinNT://$_/Administrators,group").add($Trustee)
                Write-Host -ForegroundColor Green "Successfully completed command for `'$ADResolved`' on `'$_`'"
            } catch {
                Write-Warning "$_"
            }    
        }
    }

    Wednesday, December 27, 2017 8:08 AM
  • The code does not make much sense.  What are you trying to do?


    \_(ツ)_/

    Wednesday, December 27, 2017 8:46 AM
  • I am trying to run this script to add the AD Users/Groups in local Administrator group of a server. with the above script and syntax .\Set-ADAccountasLocalAdministrator.ps1 -InputFile C:\ListofComputers.txt -Trustee <User01>.

    I have created a list of server with the name ListofComputers.txt and kept both the script and .txt file in same location. Upon executing the command, it returns to the directory and no change happens.

    Thursday, December 28, 2017 2:00 AM
  • That doesn't make much sense.  What are you trying to add to what?

    To add users/groups to a local group use "Add-LocalGroupMember".

    HELP Add-LocalGroupMember -full


    \_(ツ)_/

    Thursday, December 28, 2017 2:17 AM
  • Ok. I guess I made it sound confusing. Here is my requirement.

    Need a powershell script to add the domain user or group to the local administrator group in the list of servers. the scripts  has to work on any domains ....test, build, stage domains.

    So I used the above script and test it for couple of servers however, it's not working as I neither get the the user added to local Administrators group of a server nor there is an error that  script didn't ran successfully.

    Hope I made myself clear this time.

    Thursday, December 28, 2017 2:43 AM
  • Look in the Gallery for scripts that add accounts to local groups.  There are many that do this.


    \_(ツ)_/

    Thursday, December 28, 2017 2:46 AM
  • To add any account to any local group this is all that is needed.

    $group = [adsi]'WinNT://alpha/Administrators,group'
    $aDSPath = 'WinNT://domain/account'
    $group.psbase.Invoke('Add',$aDSPath)
    


    \_(ツ)_/

    Thursday, December 28, 2017 2:54 AM
  • Yes, that what I did. I found the below one and executed in my environment but it's not making the changes.

    https://gallery.technet.microsoft.com/scriptcenter/Add-AD-UserGroup-to-Local-fe5e9239

    used with syntax

    .\Set-ADAccountasLocalAdministrator.ps1 -InputFile C:\ListofComputers.txt -Trustee User01

    • Edited by Sajjy Thursday, December 28, 2017 2:56 AM
    Thursday, December 28, 2017 2:55 AM
  • You don't need a script. I recommend using a GPO to manage the local Administrators groups on computers.

    -- Bill Stewart [Bill_Stewart]

    Thursday, December 28, 2017 4:00 PM