question

PerserPolis-1732 avatar image
0 Votes"
PerserPolis-1732 asked PerserPolis-1732 answered

Powershell script issue for add the domain user to the local admin group

Hi

the following Power Shell Script add the AD domain user to the local admin group on the client machine.

Here my script

>

[CmdletBinding()]
Param(
[Parameter(Mandatory=$true,Position=1)]
[ValidateSet("User","Group")]
[String]
$ObjectType,

 [Parameter(Mandatory=$true,Position=2)]
 [ValidateScript({($_.split("\").count -eq 2)})]
 [string]$ObjectName,

 [Parameter(Position=3)]
 [String[]]$ComputerName=$env:COMPUTERNAME

)

$ResultsFile = "c:\temp\result.csv"
$ObjDomain = $ObjectName.Split("\")[0]
$ObjName = $ObjectName.Split("\")[1]
$ComputerCount = $ComputerName.Count
$count = 0
Add-Content -Path $ResultsFile -Value "ComputerName,Status,Comments"
foreach($Computer in $ComputerName) {
$count++
$Status=$null
$Comment = $null
Write-Host ("{0}. Working on {1}" -f $Count, $Computer)
if(Test-Connection -ComputerName $Computer -Count 1 -Quiet) {
Write-Verbose "$Computer : Online"
try {
$GroupObj = [ADSI]"WinNT://$Computer/Administrators"
$GroupObj.Add("WinNT://$ObjDomain/$ObjName")
$Status = "Success"
$Comment = "Added $ObjectName $ObjectType to Local administrators group"
Write-Verbose "Successfully added $ObjectName $ObjectType to $Computer"
} catch {
$Status = "Failed"
$Comment = $_.toString().replace("`n","").replace("`r","")
Write-Verbose "Failed to add $ObjectName $ObjectType to $Computer"
}

     Add-Content -Path $ResultsFile -Value ("{0},{1},{2}" -f $Computer,$Status,$Comment )    

 } else {
     Write-Warning "$Computer : Offline"
     Add-Content -Path $ResultsFile -Value ("{0},{1}" -f $Computer,"Offline")
 }

}


I run that script with following command


AddocalAdminGroupMembers.ps1 -ObjectType User -ObjectName "domain\User" -ComputerName "test"



domain\user , I put here my domain and username and -ComputerName put here my client computer name

I have 100 different domain users and 100 different computers I have to add these to the local admin group, it means I have to run that script 100 times

My question is:

Is there anyway to add all username and computername in one step? for example with CSR file

Regards

windows-server-powershell
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

RichMatheisen-8856 avatar image
0 Votes"
RichMatheisen-8856 answered

You could turn your script into a function and add a bit of "driver" code to take a CSV with the data and turn it into function calls.

 Function AddOne{
     [CmdletBinding()]
     Param(
         [Parameter(Mandatory = $true, Position = 1)]
         [ValidateSet("User", "Group")]
         [String]
         $ObjectType,
    
         [Parameter(Mandatory = $true, Position = 2)]
         [ValidateScript({ ($_.split("\").count -eq 2) })]
         [string]$ObjectName,
         [Parameter(Position = 3)]
         [String[]]$ComputerName = $env:COMPUTERNAME
     )
    
     $ResultsFile = "c:\temp\result.csv"
     $ObjDomain = $ObjectName.Split("\")[0]
     $ObjName = $ObjectName.Split("\")[1]
     $ComputerCount = $ComputerName.Count
     $count = 0
     Add-Content -Path $ResultsFile -Value "ComputerName,Status,Comments"
     foreach ($Computer in $ComputerName) {
         $count++
         $Status = $null
         $Comment = $null
         Write-Host ("{0}. Working on {1}" -f $Count, $Computer)
         if (Test-Connection -ComputerName $Computer -Count 1 -Quiet) {
             Write-Verbose "$Computer : Online"
             try {
                 $GroupObj = [ADSI]"WinNT://$Computer/Administrators"
                 $GroupObj.Add("WinNT://$ObjDomain/$ObjName")
                 $Status = "Success"
                 $Comment = "Added $ObjectName $ObjectType to Local administrators group"
                 Write-Verbose "Successfully added $ObjectName $ObjectType to $Computer"
             }
             catch {
                 $Status = "Failed"
                 $Comment = $_.toString().replace("`n", "").replace("`r", "")
                 Write-Verbose "Failed to add $ObjectName $ObjectType to $Computer"
             }
    
             Add-Content -Path $ResultsFile -Value ("{0},{1},{2}" -f $Computer, $Status, $Comment )    
         }
         else {
             Write-Warning "$Computer : Offline"
             Add-Content -Path $ResultsFile -Value ("{0},{1}" -f $Computer, "Offline")
         }
    
     }
 }
    
 # Use the function
    
 # CSV looks like this:
 #Computer,Account,Type
 #WS01,Domain\Account,User
 #WS01,Domain\Account,Group
 Import-CSV c:\Junk\MyCsv.csv |
     ForEach-Object{
         AddOne -ComputerName $_.Computer -ObjectName $_.Account -ObjectType $_.Type
     }
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

PerserPolis-1732 avatar image
0 Votes"
PerserPolis-1732 answered RichMatheisen-8856 commented

Hi,

It works.

Thank you for help

Regards

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

The code in your script now IS the function!

The code to USE the function is in the last 10 lines of the code sample.




1 Vote 1 ·
PerserPolis-1732 avatar image
0 Votes"
PerserPolis-1732 answered RichMatheisen-8856 commented

Hi Rich,

Is there a way to use that script to remove the AD User from local Admin group with CSV file?

Regards

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Yes. Use the object's "Remove" method in the same way you used the "Add" method.

0 Votes 0 ·
PerserPolis-1732 avatar image
0 Votes"
PerserPolis-1732 answered RichMatheisen-8856 commented

I changed the Object ADD , but it does not work

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Without seeing how you did this it's hard to say what "does not work".

Have a look at this and see if it helps you: remove-user-from-local-administrator-group-powershell.html


0 Votes 0 ·
PerserPolis-1732 avatar image
0 Votes"
PerserPolis-1732 answered

I have changed only the add function in the script

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.