Adding a user to the local Administrator group using powershell

windows powershell automation

93,084

Solution 1

This is the Advanced Function That I use to add a users to the local Administrator group using Powershell on several computers.

Usage: Get-Content C:\Computers.txt | Set-LocalAdminGroupMembership -Account 'YourAccount'

Function Global:Set-LocalAdminGroupMembership
{


    <#
    .Synopsis

    .Description

    .Parameter $ComputerName,

    .Example
     PS> Set-LocalAdminGroupMembership -ComputerName $ComputerName -Account 'YourAccount'

    .Link
     about_functions
     about_functions_advanced
     about_functions_advanced_methods
     about_functions_advanced_parameters

    .Notes
     NAME:      Set-LocalAdminGroupMembership
     AUTHOR:    Innotask.com\dmiller
     LASTEDIT:  2/4/2010 2:30:05 PM
     #Requires -Version 2.0
    #>



    [CmdletBinding()]
    param(
    [Parameter(Position=0, ValueFromPipeline=$true)]
    $ComputerName = '.',
    [Parameter(Position=1, Mandatory=$true)]
    $Account
    )


    Process
    {  

        if($ComputerName -eq '.'){$ComputerName = (get-WmiObject win32_computersystem).Name}    
        $ComputerName = $ComputerName.ToUpper()


        $Domain = $env:USERDNSDOMAIN

        if($Domain){
            $adsi = [ADSI]"WinNT://$ComputerName/administrators,group"
            $adsi.add("WinNT://$Domain/$Account,group")
            }else{
            Write-Host "Not connected to a domain." -foregroundcolor "red"
            }


    }# Process


}# Set-LocalAdminGroupMembership

Solution 2

On Server 2016 and Windows 10 Version 1607 and later you can use the new PowerShell local user cmdlets:

Add-LocalGroupMember -Group Administrators -Member username

This was added in Windows Management Framework (WMF) 5.1.

The Microsoft.PowerShell.LocalAccounts module works fine on 2012 R2 if you just copy the files into a $env:PsModulePath location.

Solution 3

Here is a simple 2 line script that performs this function

$group = [ADSI]("WinNT://"+$env:COMPUTERNAME+"/administrators,group")
$group.add("WinNT://$env:USERDOMAIN/usernameiwantoadd,user")

For more information see Hey, Scripting Guy! How Can I Use Windows PowerShell to Add a Domain User to a Local Group?

So there are a couple of notes. In the first line I used string concatenation, I didn't have to (see the next line) but I like to because it helps accentuate the variables I am using. Second, these lines will add a domain user, if you wanted to add a local user just remove $env:USERDOMAIN/

Solution 4

Simple Step to add a domain user to the Administrators group:

Add-LocalGroupMember -Group Administrators -Member $env:USERDOMAIN\<username>

Note: Make sure you run PowerShell "As Administrator".

View more solutions

93,084

Eli Ganem

Updated on September 17, 2022

Comments

Eli Ganem over 1 year

I would like to use PowerShell to add a specific user to the local administrator group on a machine. I would be running the PowerShell script in the context of a user that has Administration rights on the local machine.
Eli Ganem about 14 years

I would like to run this script on workstations in such a way that the person running the script can type in a username. Hence the Read-Host
raja about 14 years

so in that case make the first line $userInput = Read-Host "Enter username to add to the local admin group" then use $userinput where is says usernameiwantoadd
Panki almost 5 years

Be careful, the group "Administrators" might be called different depending on your locale, on a German system it is "Administratoren".
KERR about 4 years

You can also add an AD group this way, eg: Add-LocalGroupMember -Group Administrators -Member "CONTOSO\Domain Admins"