Adding long domain group to local administrators group
- This topic has 4 replies, 2 voices, and was last updated 9 years, 8 months ago by doug.
March 9, 2015 at 5:59 pm #9063 jagablack Participant
Hi Doug/All,
I am trying to add a domain group to a local group via BatchPatch.
I tried net localgroup but it doesn’t work because:
“The NET.EXE command does not support names longer than 20 characters for reasons of backward compatibility with LAN Manager 2.0.”
Wondering if you had run into this and had Powershell or other option for this via BatchPatch since net localgroup is coming up short.
Thanks!
March 9, 2015 at 6:44 pm #10784 jagablack Participant
Actually I found a method outside of BatchPatch using PowerShell,
```powershell
# Return the names of the current members of the given local group
function ListAdministrators($Group)
{
    $members = $Group.psbase.Invoke("Members") | %{ $_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null) }
    $members
}

# Return $true if the machine answers a single ping
function Ping-Server {
    Param([string]$srv)
    $pingresult = Get-WmiObject Win32_PingStatus -Filter "Address='$srv'"
    if ($pingresult.StatusCode -eq 0) { $true } else { $false }
}

if ($args.Length -ne 2) {
    Write-Host "`tUsage: "
    Write-Host "`t`t.\AddToLocalAdmin.ps1 < group or user > <file of machines>"
    Write-Host "`t`tExample: .\AddToLocalAdmin.ps1 FooBarGroup c:\temp\mymachines.txt"
    return
}
#Your domain, change this
$domain = "putdomainnamehere"
#Get the user to add
$username = $args[0]
#File to read computer list from
$strComputers = Get-Content $args[1]
foreach ($strComputer in $strComputers)
{
    if (Ping-Server $strComputer) {
        $computer = [ADSI]("WinNT://" + $strComputer + ",computer")
        $Group = $computer.psbase.children.find("administrators")
        # This will list what's currently in Administrator Group so you can verify the result
        write-host -foregroundcolor green "====== $strComputer BEFORE ====="
        ListAdministrators $Group
        write-host -foregroundcolor green "====== BEFORE ====="
        # Even though we are adding the AD account
        # It is being added to the local computer and so we will need to use WinNT: provider
        $Group.Add("WinNT://" + $domain + "/" + $username)
        write-host -foregroundcolor green "====== $strComputer AFTER ====="
        ListAdministrators $Group
        write-host -foregroundcolor green "====== AFTER ====="
    }
    else
    {
        write-host -foregroundcolor red "$strComputer is not pingable"
    }
}
```
You feed it the user or groupname and a text file of the list of machines.
Perhaps you could help feed this into BatchPatch.
If not I understand, but just wanted to ask and then share.
PS C:\tools> .\AddToLocalAdmin.ps1 testgroupname c:\tools\servers.txt
March 9, 2015 at 7:11 pm #10789 doug Moderator
Jeremy – Maybe try the suggestion at this page:
It suggests the following command, which should be runnable directly from the cmd prompt, which means that it should also be runnable directly from the remote command field in BP. I have not tried it, so let me know how it goes:
powershell -command "& { ([adsi]'WinNT://./your-local-group,group').Add('WinNT://YOURDOMAIN/your-really-long-global-group-name,group'); }"
-Doug
March 9, 2015 at 8:07 pm #10776 jagablack Participant
I got access denied. I think I will just run with the other method in the interest of time though.
```
Exception calling "Add" with "1" argument(s): "Access is denied.
"
At line:1 char:5
+ & {
([adsi]'WinNT://./administrators,group').Add('WinNT://mydom/mydomgroupname
…
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~
+ CategoryInfo : NotSpecified: (:) [], MethodInvocationException
+ FullyQualifiedErrorId : CatchFromBaseAdapterMethodInvokeTI
```
March 9, 2015 at 9:22 pm #10778 doug Moderator
OK, sounds good. If I get a chance to do some testing later, I’ll report back here.
Thanks,
Doug
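Added example, not part of the thread and not BatchPatch code: the WinNT-provider add from the posts above, wrapped so that it checks existing membership first, supports `-WhatIf`, and reports a failed `Add` (such as the "Access is denied" error shown) as a status instead of a raw exception. The function name, parameter names and status strings are assumptions, and it assumes `$Domain` is the NetBIOS domain name so that it matches the member paths the WinNT provider returns.

```powershell
# Added example: function name, parameters and sample values are assumptions.
function Add-DomainGroupToLocalGroup {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$Domain,
        [Parameter(Mandatory = $true)][string]$DomainGroup,
        [string]$LocalGroup   = 'Administrators',
        [string]$ComputerName = '.'
    )

    # Same WinNT provider paths as the one-liner in the thread
    $group      = [ADSI]"WinNT://$ComputerName/$LocalGroup,group"
    $memberPath = "WinNT://$Domain/$DomainGroup,group"

    # Read current members by ADsPath so an existing entry is not added twice
    $current = @($group.psbase.Invoke('Members') | ForEach-Object {
        $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
    })
    if ($current -contains "WinNT://$Domain/$DomainGroup") {
        return 'AlreadyMember'
    }

    # -WhatIf previews the change without touching the group
    if (-not $PSCmdlet.ShouldProcess("$ComputerName\$LocalGroup", "Add $Domain\$DomainGroup")) {
        return 'Skipped'
    }

    try {
        $group.Add($memberPath)
    }
    catch {
        # Failures such as "Access is denied" arrive as a MethodInvocationException
        Write-Warning "Add to $LocalGroup on '$ComputerName' failed: $($_.Exception.Message)"
        return 'Failed'
    }
    return 'Added'
}

# Sample call with the placeholder names used in the thread:
# Add-DomainGroupToLocalGroup -Domain 'YOURDOMAIN' -DomainGroup 'your-really-long-global-group-name' -WhatIf
```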