Add AD group to local admins

[Briandr]

Hi,

when this relatively simle script is executed remotely with SCCM or Altiris this script works fine. When executed as a stand-alone VBS it does not error out, but it does not add the AD group I want to local admins.

Option Explicit
Dim strComp, oGrp, oUsr
On Error Resume Next
strComp = "."
Set oGrp = GetObject("WinNT://" & strComp & "/Administrators")
Set oUsr = GetObject("WinNT://MYDOMAIN/ourtechs")
oGrp.Add(oUsr.ADsPath)

Thoughts or code revision suggestions appreciated.

 

[Briandr]

After researching this I found a script that appears to work:

Option Explicit

Dim strComputer
Dim strDomain
Dim strLocalGroup
Dim strDomainAdminGroup
Dim ws
Dim addGrp

strComputer = "."
strDomain = "mydomain"
strLocalGroup = "Administrators"
strDomainAdminGroup = "ourtechs"

Call AddGroups()

Sub AddGroups()
Set ws = WScript.CreateObject ("WScript.Shell")
Set addGrp = GetObject ("WinNT://" & strComputer & "/Administrators, group")

On Error Resume Next

addGrp.Add ("WinNT://" & strDomain & "/" & strDomainAdminGroup & ", group")
End Sub


One thing that is bugging me is why when added to 'Local Administrators' is 'mydomain\ourtechs' appear as 'MYDOMAIN\OURTECHS'

Anyone?

 

[markdmac]

As much as I love VBScript, have you looked into Restricted Groups in AD? They allow you to add groups or users to the local admins via group policy, furthermore they will clean up the groups by removing anyone not in the list.

I hope that helps.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.