Re: How to make a AD group member of the local administrators grou
- From: Clemens de Brouwer <ClemensdeBrouwer@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 1 Aug 2007 11:50:02 -0700
Thanks for the reaction, but I need two AD groups to become a member of the local
administrators group.
Can I use your script and replace the user info with the group info or do I
need something else??
with kind regards
Clemens de Brouwer
"Richard Mueller [MVP]" wrote:
You can, of course, make the two users members of a domain group and add
that group to the local Administrators group. This gives more flexibility,
for example if jobs change. That said, you must use the WinNT provider when
dealing with local accounts. For example:
================
' Bind to domain objects.
Set objDomainUser = GetObject("WinNT://MyDomain/JSmith,user")
Set objDomainGroup = GetObject("WinNT://MyDomain/TestGroup,group")
' Bind to local group.
strComputer = "WST231"
Set objLocalGroup = GetObject("WinNT://" & strComputer & _
    "/Administrators,group")
' Check if user already a member.
If (objLocalGroup.IsMember(objDomainUser.AdsPath) = False) Then
    ' Add user to group.
    objLocalGroup.Add(objDomainUser.AdsPath)
End If
' Check if group already a member.
If (objLocalGroup.IsMember(objDomainGroup.AdsPath) = False) Then
    ' Add group to group.
    objLocalGroup.Add(objDomainGroup.AdsPath)
End If
=============
This can be done remotely (if you are a member of Domain Admins and this
group is still a member of the local Administrators group). It cannot be
done in a logon script, as most users should not have permission. It could
be done in a Startup script, as they run with System privileges on the local
computer.
--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--
"Clemens de Brouwer" <clemens66@xxxxxxxxxxxxx> wrote in message
news:4C0169DD-35CC-441C-AA60-D727FF32F470@xxxxxxxxxxxxxxxx
Because in a GPO this is done using the restricted group option. And we need
to also add local users to the administrator group which will be deleted by
the GPO when we use the restricted group option.
And we need two domain groups to be members of the local administrators
group.
I'm creating a vbscript which creates the local users, sets their passwords
and makes them members of the local administrators group. This script also
has to add the two domain groups to the local administrators group.
I hope this makes it clear to you why we need this in a script.
with kind regards
--
Clemens de Brouwer
LogicaCMG
Eindhoven (the Netherlands)
"Kenneth Bess" wrote:
Hi,
Why not create a GPO instead - I think that is the best thing to do in
this case.
Regards,
Kenneth
"Clemens de Brouwer" <clemens66@xxxxxxxxxxxxx> wrote in message
news:91D93564-C5E8-4CA6-ADE2-A91960891656@xxxxxxxxxxxxxxxx
I need to make a vbscript which makes two groups present in an Active
Directory Domain member of the computers local Administrators group.
Any suggestions?
--
Clemens de Brouwer
LogicaCMG
Eindhoven (the Netherlands)
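
An added example, not part of any post in this thread: the WinNT-provider approach from the reply above applied to two domain groups, followed by a listing of the resulting local Administrators membership so that unexpected entries can be reviewed. The computer, domain and TestGroup names are taken from the thread; TestGroup2 is a hypothetical second group.

```vbscript
Option Explicit

Dim strComputer, strDomain, arrGroups, strGroup
Dim objLocalGroup, objDomainGroup, objMember, dictExpected

strComputer = "WST231"                        ' computer name used in the thread
strDomain = "MyDomain"                        ' domain name used in the thread
arrGroups = Array("TestGroup", "TestGroup2")  ' TestGroup2 is hypothetical

' Local groups are only reachable through the WinNT provider.
Set objLocalGroup = GetObject("WinNT://" & strComputer & "/Administrators,group")

Set dictExpected = CreateObject("Scripting.Dictionary")
dictExpected.CompareMode = vbTextCompare      ' account names are case-insensitive

For Each strGroup In arrGroups
    Set objDomainGroup = Nothing
    On Error Resume Next
    Set objDomainGroup = GetObject("WinNT://" & strDomain & "/" & strGroup & ",group")
    If Err.Number <> 0 Then
        WScript.Echo "Cannot bind to " & strDomain & "\" & strGroup & ": 0x" & Hex(Err.Number)
        Err.Clear
    End If
    On Error GoTo 0

    If Not objDomainGroup Is Nothing Then
        dictExpected(objDomainGroup.AdsPath) = True
        ' Add only when missing, so the script is safe to run at every startup.
        If Not objLocalGroup.IsMember(objDomainGroup.AdsPath) Then
            objLocalGroup.Add objDomainGroup.AdsPath
            WScript.Echo "Added " & objDomainGroup.AdsPath
        End If
    End If
Next

' List the resulting membership; anything not added above is marked for review.
For Each objMember In objLocalGroup.Members
    If dictExpected.Exists(objMember.AdsPath) Then
        WScript.Echo "expected  " & objMember.Class & "  " & objMember.AdsPath
    Else
        WScript.Echo "review    " & objMember.Class & "  " & objMember.AdsPath
    End If
Next
```

Built-in members such as the local Administrator account and Domain Admins will appear under "review" because only the two groups handled here are treated as expected.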