Re: Adding Domain User to local PC

From: Richard Mueller [MVP] (rlmueller-NOSPAM_at_ameritech.NOSPAM.net)
Date: 11/26/04


Date: Fri, 26 Nov 2004 16:08:52 -0600

Hi,

I think you are correct. I believe the poster wants to add a domain user to a local group. The procedure would be to bind to the domain user (or group), bind to the local group on the PC, then use the Add method of the local group object to add the member, passing the AdsPath of the domain user (or group). I use the IsMember method of the group object to check if the new member already belongs to the group before adding them. You must use the WinNT provider. For example, I have used the script below. However, sometimes it cannot bind to the remote computer. I'm not sure when this can be done and when not. Perhaps Torgeir knows. Of course, you need sufficient permissions (be a member of Domain Admins).

Option Explicit
Dim strDomainGroup, strComputer, objLocalGroup, objDomainGroup

' Specify AdsPath of domain group to be added to
' local group.
strDomainGroup = "WinNT://MyDomain/MyGroup,group"

' Bind to domain group.
Set objDomainGroup = GetObject(strDomainGroup)

' Retrieve or specify computer NetBIOS name.
strComputer = "RemoteComputer"

' Bind to local group.
Wscript.Echo "WinNT://" & strComputer _
  & "/Administrators,group"

Set objLocalGroup = GetObject("WinNT://" & strComputer _
  & "/Administrators,group")

' Check if domain group already a member.
If Not objLocalGroup.IsMember(objDomainGroup.AdsPath) Then
  ' Add domain group to local group.
  objLocalGroup.Add(objDomainGroup.AdsPath)
  Wscript.Echo "Not Member, add"
Else
  Wscript.Echo "Already member"
End If

-- 
Richard
Microsoft MVP Scripting and ADSI
HilltopLab web site - http://www.rlmueller.net
--
  "Mark-Allen Perry" <mark-allen@mvps_dot_org> wrote in message news:Oy9$3u$0EHA.2192@TK2MSFTNGP14.phx.gbl...
  Hmmm... not sure I understand the question.  Do you want to add a domain user to a 'local group'?
  Or are you thinking it is necessary to add a 'domain user' to a local computer SAM?
  There is no need to add a domain user to a local machine since the user profile will either be transferred from the DC or will be created and then transferred to the local PC.  Although there might be a user profile for the domain user on the local machine, their name *does not* reside in the local SAM.
  Does this help?  And Torgeir, correct me here if I'm off base.
  -- 
  Always try the MS KB first before posting.
  MS KB: http://support.microsoft.com/default.aspx?scid=fh;EN-US;KBHOWTO
  And the answer could have already been posted, so try searching this and other newsgroups first.
  ----
  Mark-Allen Perry
  ALPHA Systems
  Marly, Switzerland
  mark-allen_AT_mvps_DOT_org
    "Houghts16" <Houghts16@discussions.microsoft.com> wrote in message news:F0B17698-F1A6-4C9F-BBE4-8105941D211A@microsoft.com...
    Hi 
    Can this be done.  I want to add a Domain User to the local pc.
    I want to do this thru a script.
    All the computer names are in AD.  
    I have a script in place that I can manipulate to provide the computer name 
    that I want this done to.
    Thanks Dave
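
An added example, not part of the original thread or Richard Mueller's script: after adding domain accounts to local groups this way, a membership audit of the local Administrators group through the same WinNT provider shows what actually ended up there, and it traps the failed bind to a remote computer mentioned in the reply. The computer names and the allowlist entries are constructed placeholders, and the allowlist approach itself is an assumption of this example.

```vbscript
Option Explicit
Dim arrComputers, dictAllowed, strComputer, strPath
Dim objLocalGroup, objMember, lngErr, strErr

' Constructed sample values: replace with real NetBIOS computer names.
arrComputers = Array("RemoteComputer", "RemoteComputer2")

' Hypothetical allowlist of expected members, keyed by AdsPath.
' CompareMode must be set before any item is added.
Set dictAllowed = CreateObject("Scripting.Dictionary")
dictAllowed.CompareMode = vbTextCompare
dictAllowed.Add "WinNT://MyDomain/Domain Admins", True
dictAllowed.Add "WinNT://MyDomain/MyGroup", True

For Each strComputer In arrComputers
  strPath = "WinNT://" & strComputer & "/Administrators,group"

  ' Trap the bind only, so a computer that is offline or denies
  ' access is reported instead of stopping the whole run.
  On Error Resume Next
  Err.Clear
  Set objLocalGroup = GetObject(strPath)
  lngErr = Err.Number
  strErr = Err.Description
  On Error GoTo 0

  If lngErr <> 0 Then
    Wscript.Echo strComputer & ": cannot bind (0x" & Hex(lngErr) _
      & ") " & strErr
  Else
    ' Enumerate current members and flag anything not expected.
    For Each objMember In objLocalGroup.Members
      If dictAllowed.Exists(objMember.AdsPath) Then
        Wscript.Echo strComputer & ": expected   " & objMember.AdsPath
      Else
        Wscript.Echo strComputer & ": REVIEW     " & objMember.AdsPath _
          & " (" & objMember.Class & ")"
      End If
    Next
  End If
Next
```

Run it with cscript.exe so each line goes to the console rather than a message box. Local accounts such as the built-in Administrator are reported under REVIEW unless their AdsPath is added to the allowlist.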