Add domain group to local computer administrators command line

Is it possible to add domain group to local group via command line?

I can add specific users or domain users, but not a group. I would prefer to stick with a command line, but vbscript might be okay. We are looking for a solution that doesn't involve GPOs because this is just for a couple of rooms on our campus and just once.

net localgroup "Administrators" "myDomain\Username" /add

works but

net localgroup "Administrators" "myDomain\Local Computer Administrators" /add

doesnt

PsychoData

Posted 2014-10-13T14:02:20.567

Reputation: 1 331

Answers

net localgroup seems to have a problem if the group name is longer than 20 characters. You can try shortening the group name, at least to verify that character limitation. By the way, net localgroup uses the pre-Windows 2000 name of the group, the sAMAccountName AD attribute.

I would still recommend that you use GPO for this, as it will be easier to add the group to the local Administrators group, especially since you won't have to rename your group. Also, it will be easier to remove the domain group from the local group once the need has passed.

Patrick Seymour

Posted 2014-10-13T14:02:20.567

Reputation: 7 662

If I use a GPO, wont it revert after logoff? – PsychoData – 2014-10-13T14:21:03.977

The GPO will be enforced as long as it applies to the machine, that is, as long as the machine is in an OU to which the GPO applies. – Patrick Seymour – 2014-10-13T14:22:38.773

And it will be set everytime the computer boots or logs on (depending where I'm applying it) right? Why not just make the change once and be done with it. This is something we want standard on all our computers and these were done wrong before we imaged them. – PsychoData – 2014-10-13T14:25:22.470

I guess it's more of an enforcement thing, to make sure the configuration you want is always applied. It's not like GPO processing takes minutes; it's in the sub-seconds range for group membership enforcement. If you use GPO Preferences instead of the Restricted Groups policy, you can apply once and never apply again. Anyway, that part of my reply was just a recommendation. – Patrick Seymour – 2014-10-13T15:39:26.457

So, patrick, what if I was to make the GPO, make sure all of the machines had it applied to them and then deleted the GPO again? Would the affects of the GPO persist? or would they revert? – PsychoData – 2014-10-26T16:28:42.067

The effects would persist, as long as no other outside influences exist (other GPOs, etc.). – Patrick Seymour – 2014-10-29T16:16:11.060

-1

Add the group to the Administrators group by going to

control userpasswords2

and then press the Add button.

Or, use

lusrmgr.msc

EdG

Posted 2014-10-13T14:02:20.567

Reputation: 616

a Very fine way to add them, via GUI. I specified command line or script. – PsychoData – 2014-10-13T14:43:46.933

You preferred* it – EdG – 2014-10-14T15:26:41.810

"Prefer" was a polite way if saying "I'm not interested in GUI because I don't want to go through some 60 computers and do that on all of them" – PsychoData – 2014-10-15T11:47:02.367

I don't think prefer is defined like that. Say what you actually mean, I can't read your mind. – EdG – 2014-10-15T16:51:00.577

Even if you stick hard by the fact I said prefer to stick to commandline (meaning NOT GUI) I still offered the alternative to command line as vbsript and made a point that I would rather not do it via GPOs. Read the question instead of defending your small niche of me not explicitly saying that I didn't want a GUI interface solution, even though I did say I wanted a command line solution or vbscript (that I could then run via command line) – PsychoData – 2014-10-21T13:03:02.657

the topic literally says command line. why would the use of the word prefer override or negate the actual title of the post? This answer should have more downvotes. – Jeremy – 2016-04-04T22:58:55.043