Add-LocalGroupMember
Adds members to a local group.
Syntax
Add-LocalGroupMember
[-Group] <LocalGroup>
[-Member] <LocalPrincipal[]>
[-WhatIf]
[-Confirm]
[<CommonParameters>] Add-LocalGroupMember
[-Member] <LocalPrincipal[]>
[-Name] <String>
[-WhatIf]
[-Confirm]
[<CommonParameters>] Add-LocalGroupMember
[-Member] <LocalPrincipal[]>
[-SID] <SecurityIdentifier>
[-WhatIf]
[-Confirm]
[<CommonParameters>] Description
The Add-LocalGroupMember cmdlet adds users or groups to a local security group. All the rights and
permissions that are assigned to a group are assigned to all members of that group.
Members of the Administrators group on a local computer have Full Control permissions on that computer. Limit the number of users in the Administrators group.
If the computer is joined to a domain, you can add user accounts, computer accounts, and group accounts from that domain and from trusted domains to a local group.
Note
If the computer is joined to a domain and you try to add a local user that has the same name as a member of the domain it adds the domain member.
Examples
Example 1: Add members to the Administrators group
This command adds several members to the local Administrators group. The new members include a local user account, a Microsoft account, an Azure Active Directory account, and a domain group. This example uses a placeholder value for the user name of an account at Outlook.com.
Add-LocalGroupMember -Group "Administrators" -Member "Admin02", "MicrosoftAccount\username@Outlook.com", "AzureAD\DavidChew@contoso.com", "CONTOSO\Domain Admins"Parameters
-Confirm
Prompts you for confirmation before running the cmdlet.
| Type: | SwitchParameter |
| Aliases: | cf |
| Position: | Named |
| Default value: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Group
Specifies the security group to which this cmdlet adds members.
| Type: | Microsoft.PowerShell.Commands.LocalGroup |
| Position: | 0 |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-Member
Specifies an array of users or groups that this cmdlet adds to a security group. You can specify users or groups by name, security ID (SID), or LocalPrincipal objects.
| Type: | Microsoft.PowerShell.Commands.LocalPrincipal[] |
| Position: | 1 |
| Default value: | None |
| Accept pipeline input: | True |
| Accept wildcard characters: | False |
-Name
Specifies the name of the security group to which this cmdlet adds members.
| Type: | String |
| Position: | 0 |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-SID
Specifies the security ID of the security group to which this cmdlet adds members.
| Type: | SecurityIdentifier |
| Position: | 0 |
| Default value: | None |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
| Type: | SwitchParameter |
| Aliases: | wi |
| Position: | Named |
| Default value: | False |
| Accept pipeline input: | False |
| Accept wildcard characters: | False |
Inputs
System.Management.Automation.SecurityAccountsManager.LocalGroup
You can pipe a local principal to this cmdlet.
You can pipe a string to this cmdlet.
You can pipe a SID to this cmdlet.
Outputs
None
This cmdlet returns no output.
Notes
The Microsoft.PowerShell.LocalAccounts module is not available in 32-bit PowerShell on a 64-bit system.
The PrincipalSource property is a property on LocalUser, LocalGroup, and LocalPrincipal objects that describes the source of the object. The possible sources are as follows:
- Local
- Active Directory
- Azure Active Directory group
- Microsoft Account
PrincipalSource is supported only by Windows 10, Windows Server 2016, and later versions of the Windows operating system. For earlier versions, the property is blank.
Related Links
Feedback
Submit and view feedback for