Add a domain account to the local Administrators group and the local Power Users group
In daily work, you sometimes need to add an AD account to the Administrators group on the local machine. However, if you use a Restricted Groups policy in AD, all the existing members of the Administrators group will be removed! The following script is written specifically to solve this problem!
Dim sFlag
Dim oWshNetwork
Set oWshNetwork = WScript.CreateObject("WScript.Network")
strComputer = oWshNetwork.ComputerName
sFlag = 0
' Debug aid: uncomment the Echo to list every current member
Set colGroups = GetObject("WinNT://" & strComputer & "/Administrators")
For Each objUser In colGroups.Members
    'WScript.Echo objUser.Name
Next
' Local accounts carry the computer name as a segment of their ADsPath
strTestString = "/" & strComputer & "/"
Set colGroups = GetObject("WinNT://" & strComputer & "/Administrators")
For Each objUser In colGroups.Members
    If InStr(objUser.ADsPath, strTestString) Then
        'WScript.Echo "Local user:" & objUser.Name
    Else
        ' Case-insensitive compare, so a difference in letter case
        ' does not trigger a second (failing) Add
        If StrComp(objUser.Name, "DomainUser", vbTextCompare) = 0 Then
            sFlag = 1
            'WScript.Echo "IN"
        End If
        'WScript.Echo "Domain user: " & objUser.Name
    End If
Next
' Add the account only when it is not already a member
If sFlag = 0 Then
    'WScript.Echo "NO"
    Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators")
    Set objUser = GetObject("WinNT://Domain/DomainUser")
    objGroup.Add(objUser.ADsPath)
End If
Because the script checks membership first, no error message is displayed regardless of whether the user already exists in the Administrators group of the local machine. If the user is already a member, the script simply ends. If not, DomainUser is added to the local Administrators group!
If necessary, copy the code above, save it in .vbs format under \\Domain.com\SYSVOL\Domain.com\scripts, and use a GPO to add it to the startup scripts under Computer Settings. At this point there is no requirement on the user's permissions: because the user has not logged on yet, the script is executed as a domain administrator.
To use it, change Domain to your domain name and DomainUser to the account you want to add to the local Administrators group!
As we all know, in a domain environment, domain users by default only have Users group permissions on the local computer. In practice, however, the Users group has very few permissions; you cannot even set up sharing. In some environments you need to grant Power Users permissions to Domain Users. The following script implements this!
Note: when you use it, change Domain in the script below to your own domain name!
Dim sFlag
Dim oWshNetwork
Set oWshNetwork = WScript.CreateObject("WScript.Network")
strComputer = oWshNetwork.ComputerName
sFlag = 0
' Debug aid: uncomment the Echo to list every current member
Set colGroups = GetObject("WinNT://" & strComputer & "/Power Users")
For Each objUser In colGroups.Members
    'WScript.Echo objUser.Name
Next
' Local accounts carry the computer name as a segment of their ADsPath
strTestString = "/" & strComputer & "/"
Set colGroups = GetObject("WinNT://" & strComputer & "/Power Users")
For Each objUser In colGroups.Members
    If InStr(objUser.ADsPath, strTestString) Then
        'WScript.Echo "Local user:" & objUser.Name
    Else
        ' Case-insensitive compare, so a difference in letter case
        ' does not trigger a second (failing) Add
        If StrComp(objUser.Name, "Domain Users", vbTextCompare) = 0 Then
            sFlag = 1
            'WScript.Echo "IN"
        End If
        'WScript.Echo "Domain user:" & objUser.Name
    End If
Next
' Add the group only when it is not already a member
If sFlag = 0 Then
    'WScript.Echo "NO"
    Set objGroup = GetObject("WinNT://" & strComputer & "/Power Users")
    Set objUser = GetObject("WinNT://Domain/Domain Users")
    objGroup.Add(objUser.ADsPath)
End If
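Both scripts only ever add members, so it is worth checking afterwards what actually sits in the two groups. The following PowerShell audit is an added example, not part of the original post: it lists the non-local members of each group through the same WinNT provider and marks those that are not on an allow-list. The allow-list contents are constructed, and Domain and DomainUser are the post's placeholders.

```powershell
# Added example: audit non-local members of local privileged groups.
# $Expected is a constructed allow-list; replace Domain/DomainUser with real values.
$Expected = @{
    'Administrators' = @('Domain/Domain Admins', 'Domain/DomainUser')
    'Power Users'    = @('Domain/Domain Users')
}

function Get-DomainMembersOfLocalGroup {
    param(
        [string]$Computer = $env:COMPUTERNAME,
        [Parameter(Mandatory)][string]$Group
    )
    $adsGroup    = [ADSI]"WinNT://$Computer/$Group,group"
    $localMarker = "/$Computer/"   # same local-account test the startup script uses
    foreach ($m in $adsGroup.psbase.Invoke('Members')) {
        $path = $m.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $m, $null)
        if ($path.IndexOf($localMarker, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
            continue               # local account, not of interest here
        }
        # 'WinNT://Domain/Name' -> 'Domain/Name'; an account that no longer
        # resolves shows up as its bare SID and is therefore reported too.
        $path -replace '^WinNT://', ''
    }
}

function Test-LocalGroupDrift {
    param([Parameter(Mandatory)][hashtable]$Allowed)
    foreach ($group in $Allowed.Keys) {
        try {
            $actual = @(Get-DomainMembersOfLocalGroup -Group $group)
        } catch {
            # For example, the group does not exist on this machine
            Write-Warning "Cannot read '$group': $($_.Exception.Message)"
            continue
        }
        foreach ($member in $actual) {
            [pscustomobject]@{
                Group    = $group
                Member   = $member
                Expected = ($Allowed[$group] -contains $member)  # case-insensitive
            }
        }
    }
}

# Unexpected entries (Expected = False) sort first
Test-LocalGroupDrift -Allowed $Expected |
    Sort-Object Expected, Group |
    Format-Table -AutoSize
```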
Very practical. You can try it if you are interested.
This article is from the "Zhou Ping's Microsoft Unified Communication" blog; please be sure to keep this source: http://1183839.blog.51cto.com/1173839/1277339