VBS: Add domain user and group to local administrators

I have a piece of VBS code that I have modified that basically adds a specified domain user and group to the PCs local Administrators group. It works on Windows 7, but not on Windows 8 at all.
Call AddUserToGroup("./Administrators", "myDomain.net/NetworkAdminis")
Call AddUserToGroup("./Administrators", "myDomain.net/Domain Admins")
Call addDomainUser("myDomain", "myUserGroup")
Sub AddUserToGroup(local, domain)
Dim objLocalGroup
Dim objDomainGroup
Dim server
For Each server in servers
Set objLocalGroup = GetObject("WinNT://" & local & ",group")
Set objDomainGroup = GetObject("WinNT://" & domain & ",group")
With objLocalGroup
.Add(objDomainGroup.AdsPath)
.SetInfo
End With
Next
Set objLocalGroup = Nothing
Set objDomainGroup = Nothing
End Sub
Sub addDomainUser(strDomain, strUser)
Dim strComputer
Dim objWshNet
Dim objGroup
Dim objUser
Set objWshNet = CreateObject("WScript.Network")
strComputer = objWshNet.ComputerName
Set objGroup = GetObject("WinNT://" & strComputer & "/Administrators,group")
Set objUser = GetObject("WinNT://" & strDomain & "/" & strUser & ",user")
If Not objGroup.IsMember(objUser.ADsPath) Then
objGroup.Add (objUser.ADsPath)
End If
Set objWshNet = Nothing
Set objGroup = Nothing
Set objUser = Nothing
End Sub
I have debugged the code line by line using VBA's IDE and there seems to be no error condition firing. It executes all lines, but it is not adding the users and groups as it did with Windows 7 and below. The script is being run as local administrator.

Hi,
The first step is to comment out your On Error Resume Next line and try again.
Don't retire TechNet! -
(Don't give up yet - 13,225+ strong and growing)

Similar Messages

  • Remotely add Domain User to local group

    I've been playing with this for some time, and I seem to be missing something.  I am trying to develop a script that reads and XML file containing a list of computers, local groups, and names of domain users (and computers) to be added to the local
    groups.  I would like to be able to run this from a management workstation. 
    I've been working from these two posts.
    http://blogs.technet.com/b/heyscriptingguy/archive/2010/08/19/use-powershell-to-add-domain-users-to-a-local-group.aspx
    http://blogs.technet.com/b/heyscriptingguy/archive/2008/03/11/how-can-i-use-windows-powershell-to-add-a-domain-user-to-a-local-group.aspx
    It appears that the command $objGroup = [ADSI]("WinNT://atl-fs-001/Administrators") only works locally.  I have not been able to figure out any format that allows me to get the information remotely.  So I figured I would use Invoke-Command
    to execute the two lines of code remotely. 
    Invoke-Command -ComputerName RemoteServer {
    $de = [ADSI]"WinNT://RemoteServer/Administrators,Group"
    $de.psbase.invoke("Add",([ADSI]"WinNT://Domain/User").path)
    (I am trying it first with fixed, valid values - change to variables when I get things figured out.)  That gave me the error:
    Exception calling "Invoke" with "2" argument(s): "Number of parameters specified does not match the expected number."
    +CategoryInfo :NotSpecified: (:) [], MethodInvocationException
    +FullyQualifiedErrorID :DotNetMethodTargetInvocation
    +PSComputerName :RemoteServer
    I need help on what to try next.
    Thanks.
    . : | : . : | : . tim

    I've been playing with this for some time, and I seem to be missing something.  I am trying to develop a script that reads and XML file containing a list of computers, local groups, and names of domain users (and computers) to be added to the local
    groups.  I would like to be able to run this from a management workstation. 
    I've been working from these two posts.
    http://blogs.technet.com/b/heyscriptingguy/archive/2010/08/19/use-powershell-to-add-domain-users-to-a-local-group.aspx
    http://blogs.technet.com/b/heyscriptingguy/archive/2008/03/11/how-can-i-use-windows-powershell-to-add-a-domain-user-to-a-local-group.aspx
    It appears that the command $objGroup = [ADSI]("WinNT://atl-fs-001/Administrators") only works locally.  I have not been able to figure out any format that allows me to get the information remotely.  So I figured I would use Invoke-Command
    to execute the two lines of code remotely. 
    Invoke-Command -ComputerName RemoteServer {
    $de = [ADSI]"WinNT://RemoteServer/Administrators,Group"
    $de.psbase.invoke("Add",([ADSI]"WinNT://Domain/User").path)
    (I am trying it first with fixed, valid values - change to variables when I get things figured out.)  That gave me the error:
    Exception calling "Invoke" with "2" argument(s): "Number of parameters specified does not match the expected number."
    +CategoryInfo :NotSpecified: (:) [], MethodInvocationException
    +FullyQualifiedErrorID :DotNetMethodTargetInvocation
    +PSComputerName :RemoteServer
    I need help on what to try next.
    Thanks.
    . : | : . : | : . tim
    The ADSI commands work remotely as long as you are an administrator on the domain.
    Invoke-Command only works on systems set up for WinRM remoting and if you are an Administrator on the domain.
    Normally we would use AD and GP to add users to local groups.
    Your script is also incorrect.  Thisis the correct template.
    $remotepc='somepc'
    $de=[ADSI]"WinNT://$remotepc/Administrators,Group"
    $de.Add("WinNT://Domain/User")
    You should never the user to the admin group.  It is a formula for disaster.
    ¯\_(ツ)_/¯

  • Can not add Domain User to Local Admin Group Win8.1

    Hello, 
    I am trying to add a domain user to the local admin account on a Win8.1 Enterprise computer. When I click the check name button it asks me to enter network credentials even though I am signed in to the computer with a domain admin account. When I try to
    type in any of my domain admin accounts it says "The Username or Password is incorrect". Even though I used that same account to login with. I can successfully ping all 3 of my DCs from the computer and have tried putting my second DC as the primary
    DNS and my third DC as the primary DC and same problem. I have checked for Active Directory errors on the DC and everything says it is running fine on the DC in server manager. I have this problem on multiple computers. Some of the computers it will work on
    but 90% of them it won't allow me to add the local user to the local admin group. 
    DCs are running Win Server 2008 R2 Enterprise. 
    Any help would be greatly appreciated. 
    Thank You

    I would suggest you to use Restricted Group(via GPO) to add domain users/group to a local admins group 
    1)Create a new group in Active Driectory
    Create a new group in Active Driectory that you wish to add to every workstations local administrator group. DO NOT add any users to this group at this time.
    2.
    Create a new GPO
    Create a new group policy object and link it to the desired OU. Make sure that the GPO you are using covers the OU that the WORKSTATIONS you are wanting to give users local administrative rights over.
    3.
    Edit the newly created GPO
    Navigate within the newly created GPO to Computer Configuration -> Policies -> Windows Settings -> Security Settings --> Restricted Groups
    4.
    Add your new Active Directory group to the Restricted Group
    Right-click the Restricted Groups folder and select "Add Group" to add your new Active Directory group to the Restricted Group. In the Group field, type the name of the newly created Active Directory group and click "OK"
    5.
    Add the Restricted Group to the local administrator group
    In the Restricted Group Properties windows click "Add" under the section titled "This group is a member of:" Type "Administrators" (without the quotes and yes it is plural), in the Group Membership window and click "OK"
    6.
    Wait for GPO updates to apply to the workstations
    Once your users receive their updated group policy settings every workstation within the OU you specified will have your new Active Directory group as a member of the local administrators group. If you need to force the GPO update on a specific workstation,
    run "gpupdate /force" in a command window on that workstation.
    7.
    Add a user or group of users to the Active Directory Restricted Group
    When you are ready, or in a position where you need to provide local workstation admin rights you can simply add the users or group of users to the Active Directory group that you created for use with Restricted Groups within your Active Directory Management
    Console.

  • WINDOWS 8.1 - System Tools no longer displaying User and Group Settings after adding a new LOCAL user.

    I jumped on my parents computer, which is on a domain.  I added a new local user(with my live.com login) and gave it admin status.  That's when the trouble began.
    The main user profile disappeared.  I used the command prompt fix (see other fixes) to add the missing user back into admin.  I logged back in, and it set up the account for the first time (WTF?).  I cannot access any files from the main account
    (that I logged into just fine before to get this debacle started.)
    When going to Local Computer Management --> System Tools, my users and groups tool is missing.
    I ran lusrmgr.msc only to find out that the most current version of Windows 8.1 and this is what it said "This snapin may not be used with this edition of Windows 8.1.  To manage user accounts for this computer, use the User Accounts tool in the
    Control Panel."   <---- Awesome!  (that was sarcasm.)
    I have spent over two hours in the User Account tool during the course of this problem only to prove that a picture of a computer is more useful that that "tool".  
    To anyone reading this ticket, the best advice I can offer you (as long as its not a crucial machine) is to back up what you can gain access to, format your hard-drive and reinstall windows and start over again.  I wouldn't recommend reinstalling 8.1,
    I would say go back to 7 and wait until 10 comes out.   Windows 8 is the new Vista.  Good luck!

    Hello AhavahOlam,
    I can understand your feelings.
    If my understanding is right, after adding a new local user in domain-joined Windows 8.1, you can’t open the local users and groups.
    Can you still add account by going to Control Panel\User Accounts and Family Safety\User Accounts\Manage Accounts?
    As this computer is domain-based, it is recommended to contact the domain administrator to see if the option is blocked.
    Best regards,
    Fangzhou CHEN
    Fangzhou CHEN
    TechNet Community Support

  • Event ID 1085 on DC - Failed to Apply the Group Policy Local Users and Groups Settings

    I have a domain with 2 DCs.  The primary DC is running Server 2012 and is raising Event ID 1085 every 10 minutes and 20 seconds.
    Windows failed to apply the Group Policy Local Users and Groups settings. Group Policy Local Users and Groups settings might have its own log file. Please click on the "More information" link.
    System
    - Provider
    [ Name] Microsoft-Windows-GroupPolicy
    [ Guid] {AEA1B4FA-97D1-45F2-A64C-4D69FFFD92C9}
    EventID 1085
    Version 0
    Level 3
    Task 0
    Opcode 1
    Keywords 0x8000000000000000
    - TimeCreated
    [ SystemTime] 2014-10-20T20:09:03.706992400Z
    EventRecordID 130087
    - Correlation
    [ ActivityID] {FDDFB8C5-9ECF-41B9-B2B4-3AD0B345A37A}
    - Execution
    [ ProcessID] 1000
    [ ThreadID] 3280
    Channel System
    Computer SERVER.DOMAIN.NAME
    - Security
    [ UserID] S-1-5-18
    - EventData
    SupportInfo1 1
    SupportInfo2 4404
    ProcessingMode 0
    ProcessingTimeInMilliseconds 10343
    ErrorCode 183
    ErrorDescription Cannot create a file when that file already exists.
    DCName \\SERVER.DOMAIN.name
    ExtensionName Group Policy Local Users and Groups
    ExtensionId {17D89FEC-5C44-4972-B12D-241CAEF74509}
    Everything I look up for Event ID 1085 seems to be about a different cause.
    Any ideas?

    I enabled tracing on a domain gpo and I still get the error when running gpupdate /force .
    I'm also still getting Event 1085.  Here's the trace file.  I've anonymized the site/domain and the GUIDs.
    2014-10-21 11:16:54.003 [pid=0x3e8,tid=0xcd0] Entering ProcessGroupPolicyExLocUsAndGroups()
    2014-10-21 11:16:54.018 [pid=0x3e8,tid=0xcd0] SOFTWARE\Policies\Microsoft\Windows\Group Policy\{GUID-1}
    2014-10-21 11:16:54.018 [pid=0x3e8,tid=0xcd0] BackgroundPriorityLevel ( 0 )
    2014-10-21 11:16:54.018 [pid=0x3e8,tid=0xcd0] DisableRSoP ( 0 )
    2014-10-21 11:16:54.018 [pid=0x3e8,tid=0xcd0] LogLevel ( 2 )
    2014-10-21 11:16:54.018 [pid=0x3e8,tid=0xcd0] Command subsystem initialized. [SUCCEEDED(S_FALSE)]
    2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] Background priority set to 0 (Idle).
    2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ----- Parameters
    2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] CSE GUID : {GUID-1}
    2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] Flags : ( X ) GPO_INFO_FLAG_MACHINE - Apply machine policy rather than user policy
    2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ( X ) GPO_INFO_FLAG_BACKGROUND - Background refresh of policy (ok to do slow stuff)
    2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ( ) GPO_INFO_FLAG_SLOWLINK - Policy is being applied across a slow link
    2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ( ) GPO_INFO_FLAG_VERBOSE - Verbose output to the eventlog
    2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ( ) GPO_INFO_FLAG_NOCHANGES - No changes were detected to the Group Policy Objects
    2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ( ) GPO_INFO_FLAG_LINKTRANSITION - A change in link speed was detected between previous policy application and current policy application
    2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ( ) GPO_INFO_FLAG_LOGRSOP_TRANSITION - A change in RSoP logging was detected between the application of the previous policy and the application of the current policy.
    2014-10-21 11:16:54.065 [pid=0x3e8,tid=0xcd0] ( X ) GPO_INFO_FLAG_FORCED_REFRESH - Forced Refresh is being applied. redo policies.
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( ) GPO_INFO_FLAG_SAFEMODE_BOOT - windows safe mode boot flag
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( ) GPO_INFO_FLAG_ASYNC_FOREGROUND - Asynchronous foreground refresh of policy
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Token (computer or user SID): S-1-5-18
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Abort Flag : Yes (0x313be090)
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] HKey Root : Yes (0x80000002)
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Deleted GPO List : No
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Changed GPO List : Yes
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Asynchronous Processing : Yes
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Status Callback : No (0x00000000)
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] WMI namespace : Yes (0x32273740)
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] RSoP Status : Yes (0x320cc7f4)
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Planning Mode Site : (none)
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Computer Target : No (0x00000000)
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] User Target : No (0x00000000)
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Calculated list relevance. [SUCCEEDED(S_FALSE)]
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ----- Changed - 0
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Options : ( ) GPO_FLAG_DISABLE - This GPO is disabled.
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( ) GPO_FLAG_FORCE - Do not override the settings in this GPO with settings in a subsequent GPO.
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Options (raw) : 0x00000000
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] Version : 19267878 (0x01260126)
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] GPC : LDAP://CN=Machine,CN={GUID-2},CN=Policies,CN=System,DC=SITE,DC=DOMAIN
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] GPT : \\SITE.DOMAIN\sysvol\SITE.DOMAIN\Policies\{GUID-2}\Machine
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] GPO Display Name : Default Domain Policy
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] GPO Name : {GUID-2}
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] GPO Link : ( ) GPLinkUnknown - No link information is available.
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( ) GPLinkMachine - The GPO is linked to a computer (local or remote).
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( ) GPLinkSite - The GPO is linked to a site.
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( X ) GPLinkDomain - The GPO is linked to a domain.
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( ) GPLinkOrganizationalUnit - The GPO is linked to an organizational unit.
    2014-10-21 11:16:54.081 [pid=0x3e8,tid=0xcd0] ( ) GP Link Error
    2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] lParam : 0x00000000
    2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] Prev GPO : No
    2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] Next GPO : Yes
    2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] Extensions : [{00000000-0000-0000-0000-000000000000}{GUID-3}][{GUID-1}{GUID-3}][{GUID-4}{GUID-5}{GUID-6}{GUID-7}{GUID-8}][{GUID-9}{GUID-10}][{GUID-11}{GUID-5}{GUID-6}]
    2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] lParam2 : 0x3146f978
    2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] Link : LDAP://DC=SITE,DC=DOMAIN
    2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] Purge GPH : C:\ProgramData\Microsoft\Group Policy\History\{GUID-2}\Machine\Preferences\Groups\Groups.xml
    2014-10-21 11:16:54.096 [pid=0x3e8,tid=0xcd0] Read GPE XML data file (592 bytes total).
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] ----- Changed - 1
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] Options : ( ) GPO_FLAG_DISABLE - This GPO is disabled.
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] ( ) GPO_FLAG_FORCE - Do not override the settings in this GPO with settings in a subsequent GPO.
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] Options (raw) : 0x00000000
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] Version : 1245203 (0x00130013)
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] GPC : LDAP://CN=Machine,CN={GUID-12},CN=Policies,CN=System,DC=SITE,DC=DOMAIN
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] GPT : \\SITE.DOMAIN\sysvol\SITE.DOMAIN\Policies\{GUID-12}\Machine
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] GPO Display Name : Default Domain Controllers Policy
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] GPO Name : {GUID-12}
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] GPO Link : ( ) GPLinkUnknown - No link information is available.
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] ( ) GPLinkMachine - The GPO is linked to a computer (local or remote).
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] ( ) GPLinkSite - The GPO is linked to a site.
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] ( ) GPLinkDomain - The GPO is linked to a domain.
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] ( X ) GPLinkOrganizationalUnit - The GPO is linked to an organizational unit.
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] ( ) GP Link Error
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] lParam : 0x00000000
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] Prev GPO : Yes
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] Next GPO : No
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] Extensions : [{00000000-0000-0000-0000-000000000000}{GUID-3}][{GUID-1}{GUID-3}][{GUID-9}{GUID-10}]
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] lParam2 : 0x324e8198
    2014-10-21 11:16:54.112 [pid=0x3e8,tid=0xcd0] Link : LDAP://OU=Domain Controllers,DC=SITE,DC=DOMAIN
    2014-10-21 11:16:54.127 [pid=0x3e8,tid=0xcd0] Purge GPH : C:\ProgramData\Microsoft\Group Policy\History\{GUID-12}\Machine\Preferences\Groups\Groups.xml
    2014-10-21 11:16:54.127 [pid=0x3e8,tid=0xcd0] Read GPE XML data file (592 bytes total).
    2014-10-21 11:16:54.143 [pid=0x3e8,tid=0xcd0] Completed get next GPO. [SUCCEEDED(S_FALSE)]
    2014-10-21 11:16:54.143 [pid=0x3e8,tid=0xcd0] WQL : SELECT * FROM RSOP_PolmkrSetting WHERE polmkrBaseCseGuid = "{GUID-1}"
    2014-10-21 11:16:54.143 [pid=0x3e8,tid=0xcd0] Purged 2 old RSoP entries.
    2014-10-21 11:16:54.143 [pid=0x3e8,tid=0xcd0] Logging 2 new RSoP entries.
    2014-10-21 11:16:54.159 [pid=0x3e8,tid=0xcd0] RSoP Entry 0
    2014-10-21 11:16:54.174 [pid=0x3e8,tid=0xcd0] RSoP Entry 1
    2014-10-21 11:16:54.174 [pid=0x3e8,tid=0xcd0] Completed get GPO list. [SUCCEEDED(S_FALSE)]
    2014-10-21 11:16:54.174 [pid=0x3e8,tid=0xcd0] IsRsopPlanningMode() [SUCCEEDED(S_FALSE)]
    2014-10-21 11:17:04.252 [pid=0x3e8,tid=0xcd0] Completed settings update (csePostProcess). [ hr = 0x800700b7 "Cannot create a file when that file already exists." ]
    2014-10-21 11:17:04.252 [pid=0x3e8,tid=0xcd0] Completed CSE post-processing. [ hr = 0x800700b7 "Cannot create a file when that file already exists." ]
    2014-10-21 11:17:04.267 [pid=0x3e8,tid=0xcd0] Leaving ProcessGroupPolicyExLocUsAndGroups() returned 0x000000b7

  • Difference between AD domain user and local user

    Hello, I think the title is self explanatory. I am trying to figure out difference between AD domain user and local user. SAP Help wasnt very helpful.
    Thanks.

    Hi,
    It's about where the user accounts are kept. Domain users are users that are entered into the domain users group on a domain controller. These domain users can be centrally managed at the server. Whereas the local users are the users created in the local system.
    In BPC, you can select users from either of them or in combination as well. However, If you want to make change in the local user credentials, you need to login to the system in which the user has been created and make the changes there. On the other hand, changes to domain users can be made from any domain connected machine with the right software and the necessary rights. The changes only need to be made once.
    Hope this helps.

  • I can no longer use all of the "Computer Management" tools against a remote computer. "Local Users and Groups", "Event Viewer", "Performance Logs and Alerts" and "Device Manager"

    Hello All,
    I can no longer use all of the "Computer Management" tools against a remote
    computer. "Local Users and Groups", "Event Viewer", "Performance Logs and
    Alerts" and "Device Manager"
    kindly see the below snapshot for assistance
    REGARDS DANISH DANIE

    This link may help....
    http://windowsxp.mvps.org/admintools.htm
    Freeman

  • Local Users and Groups

    I've searched all of the associated links on this subject and they don't solve my problem.  I do now get that, since I have 8.1 home, I do not have access to the Local Users and Groups feature and that is fine; I am essentially the only user on my new
    computer.  My problem is the following:
    I bought a new Dell Inspiron 2350 and, using Carbonite, migrated everything over to it from my previous XP computer.  There are a number of folders to which I am not granted access, such as My Pictures; the only advice the error messages give is to
    change the access permissions, but I am not allowed to do that.  I am only advised to use the Local Users feature to be able to do that.  See my problem?? How do I negate all that stuff so that I can access all the files and folders that were brought
    onto my new computer?

    Did you try taking ownership ?
    http://technet.microsoft.com/en-in/library/cc753659.aspx
    Arnav Sharma | http://arnavsharma.net/ Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading
    the thread.

  • How to add domain users in RDP in Windows 2012R2

    I just setup Windows 2012 R2 standard server, need to setup domain users to access server via RDP.
    I have read many articles about it, and created a group policy, also add domain users group and individual domain user in Remote Desktop Users. Each user has local workstation administrator privileges.
    When log in to windows 7 pro, domain users still got error as the screenshot below. (administrator can RDP to server). Any one has an idea?

    On DC server:
    Run gpedit.msc
    Browse to Computer Configuration -> Windows settings -> Security Settings -> Local policies -> User Rights Assignment
    Edit "Allow log on through terminal services"
    Add domain users/groups
    Run gpupdate /force

  • How do I add a user's group calendar in iCal?

    How do I add a user's group calendar in iCal?
    I just keep getting "the account was not found"
    But the account works for its own network calendar.
    None of the following locations work -
    master.mydomain.net:8008/principals/groups/domainusers/calendar
    master.mydomain.net:8008/principals/wikis/domainusers/calendar
    master.mydomain.net:8008/calendars/_uids_/wiki-domainusers/calendar
    and every variation I can think of (I've tried master.local, http:// & webcal:// and a / at the end)
    I can add a users network calendar account to iCal.
    I can subscribe to a group / wiki calendar in iCal.
    I can add an event on the wiki calendar as a user.
    But I want a user to be able to add an event to a group calendar in iCal.
    Any ideas would be appreciated.

    Hi!
    I've got the same weird problem..
    I tried that url and I can open it in Safari and I even can add the calander in iCal on a macbook with 10.5 - but i just can't add it on my macbookpro with snow leopard.
    Did anybody made that work on a snow leopard machine?
    Best regards,
    Fabian

  • How to reset users and groups in Server.app?

    Recently after change settings in the Server.app (like turn off/on open directory, delete/add certificates), I got a strange problem:
    In the users and groups list, it display all local users and groups (looks like system users and groups, about 100 users and groups, but this is a new server)
    I tried reset the server.app by following
    howto reinstall/reinitialize os x server
    http://support.apple.com/kb/HT200271?viewlocale=en_US
    These users and groups still showing there.
    Have you seen this before and how can I completely reset the server.app to factory default so that I can start over the set up?

    In theory, that should restore the users.  You can do some surgery if you are really brave.  But the reinstall generally should be enough. 
    These accounts are in the DSLocal data store.  Basically, this is very similar to the any OS X machine.  Apple keeps a default copy of the Local Database here:
    /System/Library/DirectoryServices/DefaultLocalDB/Default
    Should you need to reset a machine to the default local database, you can remove the current database (/var/db/dslocal/nodes/Default) and then copy the default one to the same location.  I would not go this far unless the reinstall was unsuccessful. 
    To check, you can run this command:
    dscl . list /Users
    That will list all the Users in the local DB.   To get a count, pipe to wc
    dscl . list /Users | wc -l
    On a Server that I just jumped on, I see 79 users and 111 groups (dscl . list /Groups | wc -l)  But this is a system will man SACL groups so I likely have more than the default.
    Hope this continues to help.  Probably more info that you want. 
    Reid
    Apple Consultants Network
    Author "Mavericks Server – Foundation Services" :: Exclusively available in Apple's iBooks Store
    Author "Mavericks Server – Control and Collaboration" :: Exclusively available in Apple's iBooks Store

  • Migrating Users and Groups from Windows 2000 server to Windows 2013 Standard.

    OK...let me see if I can get this question out the way I need to....
    I inherited a Windows 2000 Server that's on it's last legs.  We have a new server, a Windows 2013 Standard machine that we just recently purchased.  I need to migrate the users and groups over to the new server, but there are two things that are
    making it difficult:
     The 2000 machine is NOT a Domain Controller
    The 2000 machine is NOT running Active Directory
    This is a file server that hangs onto another network of which I have no control of.  It has its' own IP address and there is NO WAY we can run Active Directory or make it a domain controller.
    I have close to 300 users, groups, and printers to bring over to the new server.  Rather than kill myself doing manual input, is there any other way to do this? 

    Hi,
    When you import the CSV file to new server, you need to create a new user account then import the CSV.
    http://blogs.technet.com/b/heyscriptingguy/archive/2014/10/01/use-powershell-to-create-local-users.aspx
    If you have any issue, i suggest you could ask in PowerShell forums:
    https://social.technet.microsoft.com/Forums/en-US/home?forum=winserverpowershell
    Regards.
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • Manage users and groups on 10.5 client like 10.5 server?

    can anyone recommend software for managing local users and groups on 10.5 client? we only need filesharing and don't need the added expense of OS X Server.
    thanks

    oh, right. we can add users with the File Sharing pref pane and can add groups under the Accounts pref pane.
    i'm assisting a friend reconfigure a 'server' (os x client box) that was damaged.
    i'd like to create a new group and then add a handful of users to that group for filesharing. these users don't really need to access the mac for local login.
    they are using Windows Vista from the clients and the way it's set up now, if a user connects and modifies/creates a file, no one else can then modify the file. we have to run chmod on the file/directory for everyone to be able to change it. i'd like to configure it so the permissions work correctly without having to do this.

  • Assigning Roles to Users and Groups

    Hi,
    We have installed EP 5.0 SP4...with Content Management...we configured the LDAP to Portal......all the users are maintained through LDAP only...the problem is assigning the Role's to user..here in portal how to assign the roles to the users...we are not getting the Role assignment option under Portal Admin TAB..is there any way to configure the roles to User's are Group's.....
    it is an urgent assignment for me..help can be appreciated...
    sudhir

    Sudhir,
    You can assign the roles to users and groups as below.
    1. Select the System Administration in the top level navigtion
    2. Select user administration
    3. You can search for a specific user or a group from this iView.
    4. Use the edit button to edit the profie of the user or group.
    5. Search for the role in the search iView.
    6. Add the role to the user of group and save.

  • Upgraded to 3.1 and lost all users and groups.  How do we get them back?

    We ran the update to Server 3.1 (from 3.0) on our Mavericks Mac-Mini Server.
    Everything had been fine before the update, but now all users and groups have completely disappeared.
    The only user we have is the main administrator log-in.
    Since we verified that all of our data, wikis, and other items are still in place, it might be easier to just re-create the groups and users (and permission therein).
    But, we cannot log into Workgroup Manager, nor can we add users/groups in the Server app (because it is "grayed-out").
    Can somebody please provide a suggestion??
    We are a small engineering firm with only 5 users, so it's not like this would take all day.
    Thanks, Mike

    Have you tried
    sudo sso_util configure -r REALM_NAME -a diradmin afp
    (cf. Lion Server: AFP users unable to authenticate with Kerberos after upgrading)in Apple Support ?
    p.

Maybe you are looking for

  • New to flash and fireworks

    I've worked with frontpage and dreamweaver on simple websites. Now I want to publish pictures to my site. My problem is tht I want to install a picture a a hair style. I want to display the front and bsvk of the style. Which do I use(Flash of Firewor

  • Iphone 3GS has "169..." IP address after replacing old Airport Express

    My 3GS is no longer connecting to my home network after replacing my old airport express. Previously my old G5 iMac would have problems connecting to the old airport express, BUT my iPhone 3GS would reliably connect. After installing this new airport

  • Financial Reporting Studio under Citrix-Can Save Report but not Revisions

    Hyperion BI+ 9.2.0.2 Financial Reporting Studio does not run on desktop using Windows Vista so trying Citrix (Presentation Server 4.0 running under Windows 2003 SR2). I can edit an existing report or create and save a new report but CANNOT resave any

  • Name of channel

    Hello, I've not gone near DIAdem for a while, and now am sat here confused over something which is probably pretty simple. In part of my script, I want it to go through all my channels, and greate a separate group with the name of the original channe

  • What happened to the size in mb of each email? found it useful...

    any way to show the size of each email (in mb) as in the past?