Hello,
I would like to add this function to my existing PowerShell script:
> Add-LocalGroupMember -Group "Remote Desktop Users" -Member $user
but I don't know how to do it, do you have the solution?
My existing PowerShell script:
# Import the Active Directory module to run the AD cmdlets
Import-Module ActiveDirectory
# Store the data from ADUsers.csv in the $Users variable
$Users = Import-Csv -Path 'C:\ADUsers.csv'
# Loop through each row containing user details in the CSV file
foreach ($User in $Users) {
    # Read the user data from each field in each row
    # The username is used more often, so to avoid retyping it, store it in a variable
    $Username = $User.SamAccountName
    # Check whether the user already exists in AD
    if (Get-ADUser -Filter "SamAccountName -eq '$Username'") {
        # If the user exists, give a warning
        Write-Warning "A user account with username $Username already exists in Active Directory."
    }
    else {
        # The user does not exist, so create the new user account
        # create a hashtable for splatting the parameters
        $userProps = @{
            SamAccountName        = $User.SamAccountName
            Path                  = $User.path
            GivenName             = $User.GivenName
            Surname               = $User.Surname
            Initials              = $User.Initials
            Name                  = $User.Name
            DisplayName           = $User.DisplayName
            UserPrincipalName     = $User.UserPrincipalName
            Department            = $User.Department
            Description           = $User.Description
            Office                = $User.Office
            OfficePhone           = $User.OfficePhone
            EmailAddress          = $User.EmailAddress
            StreetAddress         = $User.StreetAddress
            POBox                 = $User.POBox
            City                  = $User.City
            State                 = $User.State
            PostalCode            = $User.PostalCode
            Title                 = $User.Title
            Company               = $User.Company
            AccountPassword       = (ConvertTo-SecureString $User.password -AsPlainText -Force)
            Enabled               = $true
            ChangePasswordAtLogon = $false
        } #end userprops
        New-ADUser @userProps
        # Write-Host "The user account $User is created." -ForegroundColor Cyan
    } #end else
}
Thank you in advance for your return
Best practice is to create a domain global group (Universal Security Group) and to nest those inside the domain local groups.
You add the users into the Universal Security Group.
Ideally, the local group(s) are controlled by group policy.
Adding a member to a local security group must be done on the machine on which that group exists. To do that you can either use a PowerShell session or Invoke-Command to accomplish the task.
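The two answers above can be combined: put the accounts in a domain security group, then nest that one group in the local "Remote Desktop Users" group on each machine with Invoke-Command. The following is an added example, not code posted by anyone in this thread; the group name `RDP-Users-Example` and the computer names are placeholders, and it assumes PowerShell remoting is enabled on the targets and that it runs under an account with local administrator rights there.

```powershell
# Added example. The group and computer names below are hypothetical placeholders.
Import-Module ActiveDirectory

$GroupName = 'RDP-Users-Example'                    # existing domain security group (assumed)
$Computers = 'SRV-EXAMPLE-01', 'SRV-EXAMPLE-02'     # machines that should accept RDP logons (assumed)
$Users     = Import-Csv -Path 'C:\ADUsers.csv'

# Step 1: add each account from the CSV to the domain group.
# Current membership is read once so existing members are not re-added.
$current = Get-ADGroupMember -Identity $GroupName |
    Select-Object -ExpandProperty SamAccountName

foreach ($User in $Users) {
    $Username = $User.SamAccountName
    if (-not (Get-ADUser -Filter "SamAccountName -eq '$Username'")) {
        Write-Warning "User $Username not found in Active Directory; skipped."
        continue
    }
    if ($current -notcontains $Username) {
        Add-ADGroupMember -Identity $GroupName -Members $Username
    }
}

# Step 2: nest the domain group in the local group on each target machine.
# This has to run on the machine that owns the local group, hence Invoke-Command.
$principal = '{0}\{1}' -f (Get-ADDomain).NetBIOSName, $GroupName

Invoke-Command -ComputerName $Computers -ScriptBlock {
    $member = $using:principal
    $local  = 'Remote Desktop Users'

    # Only add the group when it is not already a member, so reruns are harmless.
    $present = Get-LocalGroupMember -Group $local -Member $member -ErrorAction SilentlyContinue
    if (-not $present) {
        Add-LocalGroupMember -Group $local -Member $member
    }

    # Return the resulting membership so the change can be reviewed per machine.
    Get-LocalGroupMember -Group $local |
        Select-Object Name, ObjectClass, PrincipalSource
}
```

Step 2 only needs to run once per machine; after that, RDP access is granted or revoked by changing membership of the domain group, which keeps the change auditable in one place.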
Hi there,
When adding a local user to the admin group, use this command. The same goes for when adding multiple users.
Add-LocalGroupMember -Group "Administrators" -Member "username"
If you want to add a Microsoft account to the local admin group, use the following command:
Add-LocalGroupMember -Group "Administrators" -Member "MicrosoftAccount"
--If the reply is helpful, please Upvote and Accept it as an answer--