By default the local Administrators group will be reserved for local admins. However, in some cases, you might want to grant an end user administrator privileges on his machine so that he can able to install a driver or an application, in this case we can easily use PowerShell commands to add local user or AD domain users to local Administrators group in local machine and remote computer.
Add a user account to the local Administrators group
The following powershell commands add the given user account to local Admin group.
$user = "ComputerName/Morgan"; $group = "Administrators"; $groupObj =[ADSI]"WinNT://./$group,group" $userObj = [ADSI]"WinNT://$user,user" $groupObj.Add($userObj.Path)
Add a AD domain user account to the local Admin group :
We can use the above same commands to add domain user account by just passing the domain user.
$domainUser = "DomainName/Morgan"; $group = "Administrators"; $groupObj =[ADSI]"WinNT://./$group,group" $userObj = [ADSI]"WinNT://$domainUser,user" $groupObj.Add($userObj.Path)
Add a domain user account to the local Administrators group on a Remote computer
We need to just pass the remote machine name to add an Active Directory user to the local Administrators group on a remote Windows computer with PowerShell.
$computer = "hp-pc"; $domainUser = "DomainName/Morgan"; $group = "Administrators"; $groupObj =[ADSI]"WinNT://$computer/$group,group" $userObj = [ADSI]"WinNT://$domainUser,user" $groupObj.Add($userObj.Path)
Advertisement
Getting this when adding domain user:
Exception calling "Add" with "1" argument(s): "An invalid directory pathname was passed
"
At line:5 char:1
+ $groupObj.Add($userObj.Path);
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : CatchFromBaseAdapterMethodInvokeTI