Create Local Group on Member Servers

Guys,
I have put together the script below (thanks to everyone for posting great scripts). I have copied some parts of the script from the forum examples.
This script takes input, creates a domain group and adds that domain group to the member servers listed in the text file.
So far so good, this script works fine.
Question - I need to add functionality to the script to create a new local group on member servers using the same variable, and add the domain group (created using the same variable) to the newly created local group on member servers.
I also want to have an output file for the failed hosts.
Appreciate your help.
==============================================
# Requires the ActiveDirectory module (RSAT) for New-ADGroup
Import-Module ActiveDirectory
# input
$Name = Read-Host "Write Policy Name"
#Create Domain User Group
New-ADGroup -Name "${Name}_UserGroup" -GroupScope Global -Path "ou=Test,DC=Lab,DC=Local" -Description "${Name} Domain users Group"
#Read Servers from the Text File
$Servers = Get-Content "c:\temp\${Name}_Servers.txt"
#Initialize the Domain Group Object
$DomainGroup = [ADSI]"WinNT://Lab.local/${Name}_usergroup,group"
#Add Domain group to the local Remote Desktop Group on member servers
ForEach ($Server in $Servers) { #Loop through each server
    #Get Local Group object
    $LocalGroup = [ADSI]"WinNT://$Server/Remote Desktop Users,group"
    #Assign DomainGroup to LocalGroup
    $LocalGroup.Add($DomainGroup.Path)
}
==============================

You don't need scripts to manage local groups.
Group Policy can do this for you.
-- Bill Stewart [Bill_Stewart]
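
Where the change still has to be scripted rather than delivered through Group Policy, the two requested additions (a new local group per server and a file of failed hosts) can be sketched as follows. This is an added example, not code from the thread: Lab.local, the Test OU and the c:\temp paths come from the post, while the `_LocalGroup` suffix, the group description and the failed-hosts file name are assumptions.

```powershell
# Added example, not code from the thread. Lab.local, the Test OU and the
# c:\temp paths are taken from the post; the "_LocalGroup" suffix and the
# failed-hosts file name are assumptions.
$ErrorActionPreference = 'Stop'
Import-Module ActiveDirectory

$Name = Read-Host "Write Policy Name"

# The name ends up inside an ADSI path and a file path, so restrict it to a
# conservative character set before it is used anywhere.
if ($Name -notmatch '^[A-Za-z0-9_-]{1,40}$') {
    throw "Policy name may contain only letters, digits, '_' and '-' (max 40)."
}

$DomainGroupName = "${Name}_UserGroup"
$LocalGroupName  = "${Name}_LocalGroup"               # assumed naming convention
$FailedFile      = "c:\temp\${Name}_FailedHosts.csv"  # assumed output file

New-ADGroup -Name $DomainGroupName -GroupScope Global `
    -Path "ou=Test,DC=Lab,DC=Local" -Description "$Name Domain users Group"

$DomainGroupPath = "WinNT://Lab.local/$DomainGroupName,group"
$Servers = Get-Content "c:\temp\${Name}_Servers.txt" |
    ForEach-Object { $_.Trim() } | Where-Object { $_ }

$Failed = @()
foreach ($Server in $Servers) {
    $Step = 'connect'
    try {
        $Computer = [ADSI]"WinNT://$Server,computer"

        # Reuse the local group if an earlier run already created it
        $Step = 'find or create local group'
        $LocalGroup = $Computer.psbase.Children | Where-Object {
            $_.psbase.SchemaClassName -eq 'group' -and
            $_.psbase.Name -eq $LocalGroupName
        }
        if (-not $LocalGroup) {
            $LocalGroup = $Computer.Create('group', $LocalGroupName)
            $LocalGroup.Put('Description', "$Name access group")
            $LocalGroup.SetInfo()
        }

        # Add() throws if the domain group cannot be resolved from this server
        # or is already a member; both cases are recorded below.
        $Step = 'add domain group'
        $LocalGroup.Add($DomainGroupPath)
    }
    catch {
        $Failed += New-Object psobject -Property @{
            Server = $Server
            Step   = $Step
            Error  = $_.Exception.GetBaseException().Message
        }
    }
}

if ($Failed.Count -gt 0) {
    $Failed | Select-Object Server, Step, Error |
        Export-Csv -Path $FailedFile -NoTypeInformation
    Write-Warning "$($Failed.Count) server(s) failed; see $FailedFile"
}
```

The new local group confers nothing on its members until it is referenced in an ACL or a user-rights assignment on that server, so the CSV of failed hosts is also the list of servers where that later grant would reach nobody.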

Similar Messages

  • Cannot see the members of the local group on member server!

    Hi all,
    I have two Windows Server 2008 member servers in a domain, 1 Exchange Server 2010 and 1 WSUS 3.0. When I open the properties of the local Administrator
    group on the WSUS server I only see the Administrator being the member of this group. When I add any group/user from the domain to the local Administrator group, I get the following message:
    "Group Name" is already a member of group "Administrator".
    However, I do not see any other group/user as a member in the property page of the local Administrator group! This is not the case on the Exchange
    server! I removed the WSUS server from the domain and re-join it to the domain but this did not help nor did a restart of the server.
    Thanks in advance, 
    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Okay,
    agree with Awinish.
    Also, check if there is a restricted groups policy that is applied. AFAIK, it deletes actual members of the wanted group and adds the members mentioned in the group policy. I am not sure but check it.
    This posting is provided "AS IS" with no warranties or guarantees, and confers no rights.

  • Need a Way to Create a Local Group Push via GPO on Windows Server 2003 DC

    There is a new requirement to create a new local group on all machines and add all local and built-in administrators. To save time, I would like a GPO to create the new group, along with configuring its members. Any helpful information I found
    is for Windows Server 2008 and up.
    Does anyone know what I can do with my Windows Server 2003 DC?
    Thanks,
    Jasmin

    > Does anyone know what I can do with my Windows Server 2003 DC?
    Since DCs do not have local groups - what OS are your member servers and
    clients running? If 2003/XP: Install KB943729
    You need _one_ computer running Vista/2008 or higher to edit your GPO.
    Martin

  • My SCCM 2007 Secondary Site Servers have multiple "SMS_SiteSystemToSiteServerConnection_ SiteCode " and "SMS_SiteToSiteConnection_ SiteCode " local groups

    My organization is going through a SCCM 2012 migration and I was asked about our current SCCM 2007 Secondary Sites and when I remoted into my secondary site servers I saw that two of the three servers have multiple "SMS_SiteSystemToSiteServerConnection_<SiteCode>"
    and "SMS_SiteToSiteConnection_<SiteCode>" local groups. 
    This just seemed quite odd and I wanted to know if anyone has dealt with this before.
    Thank you

    Thanks for your reply Eswar.
    One of the SMS_SiteToSiteConnection_<SiteCode> groups on two of my Secondary Site servers I believe are configured correctly and they both have my Primary Site Server as a member, but the SMS_SiteSystemToSiteServerConnection_<SiteCode> group is empty. Is the SMS_SiteSystemToSiteServerConnection_<SiteCode> group supposed to contain my Primary Site server as well? Both the SMS_SiteSystemToSiteServerConnection_<SiteCode> and the SMS_SiteToSiteConnection_<SiteCode> groups on my Primary Site Server have my Secondary Site Servers as members.
    Is this correct?
    I'm wondering now if the strange groups with the odd site codes that don't even exist were created when the secondary sites were initially being created a while back. From the documentation, it looks like the former admin initially configured the secondary
    sites using a PowerShell script created by Kaido Jarvemets. According to some of the notes I have read, the admin kept uninstalling and re-installing the sites when they were not showing up in the SCCM 2007 Admin console, but apparently they simply forgot
    to configure a Sender and an Address, if that makes any sense to you.
    So, perhaps these groups ending with an odd Secondary Site code may have been a typo during one of the installation attempts? If this is the case, can these groups be deleted?
    One thing I forgot to mention was that the Secondary Site servers belong to a Global Security AD group and that group is used to add them to both the SMS_SiteSystemToSiteServerConnection_<SiteCode> and the SMS_SiteToSiteConnection_<SiteCode> groups on the Primary Site server.
    Is this allowed?
    Thanks

  • Local Groups Membership on All Servers in the Network

    Hi,
    I have about 150 servers running Windows Server 2008 R2. Most of them are domain members but some are standalone (workgroup). There is only one Forest and one Domain.
    I need to generate a list/report with users names and group names that are member of local "Administrators" and "Remote Desktop Users" groups on every server in the network.
    I certainly don't want to log into each server one-by-one to generate reports. I might have to do that on Standalone servers, but at least I want to generate this remotely on all domain joined servers.
    Any ideas how it can be done? Windows PowerShell (I would need the script), some other built-in tool, or third-party tool.

    You can use net localgroup <group> command to get local group membership. To run this remotely, you can use
    psexec. You can mainly create a script that gets the list of domain-joined servers from AD and then runs
    psexec against them for data extraction.
    This posting is provided AS IS with no warranties or guarantees , and confers no rights.
    Ahmed MALEK

  • Getting All Local Groups, Group Members and Local accounts on all Servers

    Hello Everyone,
    Sorry if this has been covered already, but I didn't see anything that quite answered my question.
    I've been given the task of generating an Access Control List here at work and I've managed to piece together a few scripts that gets me so close it's frustrating.
    The script I have now will parse through a text file with all my Windows servers listed in it and it does output in the console the server name, all of the groups on the server (Administrators, Remote Users, Backup Operators, etc.) and all the individual
    members of those groups and nested groups.
    However, I can't seem to get it to export to a CSV for easy digestion.  I've tried to pipe the export-csv command, but the csv it gives me doesn't have any useful information in it.
    Here is the script:
    $list = @()
    $Servers = Get-Content ListOfComputers.txt
    foreach ($server in $Servers) {
        $server | % {
            $server = $_
            $server
            $computer = [ADSI]"WinNT://$server,computer"
            $computer.psbase.children | where { $_.psbase.schemaClassName -eq 'group' } | foreach {
                # $group is only assigned on the next line, so this prints the previous group's name
                "`tGroup: " + $Group.Name
                $group = [ADSI]$_.psbase.Path
                $group.psbase.Invoke("Members") | foreach {
                    $us = $_.GetType().InvokeMember("Adspath", 'GetProperty', $null, $_, $null)
                    $us = $us -replace "WinNT://",""
                    $class = $_.GetType().InvokeMember("Class", 'GetProperty', $null, $_, $null)
                    $list += new-object psobject -property @{Group = $group.Name;Member=$us;MemberClass=$class;Server=$server}
                    "`t`tMember: $us ($Class)"
                }
            }
        }
    }
    The format it pumps out to the console is good, other than it's somewhat upside down: the members are all listed above the group name such as below, where there are no members in the Administrators group, but User1, 2 and 3 are part of the Remote Desktop Group.
    This isn't horrible as I can cut and paste it out of the console and into a spreadsheet, but then I have to shift things up a row and doing that for the entire list is going to be way more work than I'd like.
    Server01
    Administrators
    User1
    User2
    User3
    Remote Desktop Users
    When I use export-csv on the script above I get a bunch of numbers rather than groups or members like this:
    Length
    13
    51
    40
    35
    63
    63
    35
    32
    Hopefully, there's someone out there who can help me tweak this script so that I can just dump it all to a csv and be done, with little to no massaging of the data afterward.
    Thanks in advance,
    Tyler

    Sure. After you've run the script, type this in the console:
    $list | Export-Csv .\groupInformation.csv -NoTypeInformation
    You'll then have a CSV file in the directory, open that with Excel and see if that gives you the information you're after.

  • A member was added or deleted to a security-enabled local group. (4732 and 4733)

    Hi Team,
    We are getting below alerts continuously. it is specifying that user is adding and removing from security group. But it is happening automatically and we've checked no one is performing such operation. And we read on some site it happened on domain controller
    but also our share point farm server is not on domain controller. Please find the alert below and suggest what we should do so that we'll not get this alert again. Thanks in advance.
    A member was added to a security-enabled local group.
    Subject:
        Security ID: POSTEN\s-sharep_farm
        Account Name: S-ShareP_Farm
        Account Domain: POSTEN
        Logon ID: 0x8a121
    Member:
        Security ID: NETWORK SERVICE
        Account Name:
    Group:
        Security ID: BUILTIN\IIS_IUSRS
        Group Name: IIS_IUSRS
        Group Domain: Builtin
    Additional Information:
        Privileges

    Hi Kamal,
    Per my knowledge, SharePoint does not have the function to audit the changes in domain groups.
    What is “From” email address of the alerts?
    Please check if you have configured Windows System Resource Manager to send e-mail notifications when an event is logged firstly.
    https://technet.microsoft.com/en-us/library/cc732728.aspx
    And it seems that the System Center Operations Manager(SCOM) can set the alert for auditing the changes to the local group membership.
    Please also check if you have installed SCOM and set rule to send the alerts in SCOM.
    http://blogs.technet.com/b/nzdse/archive/2009/11/10/audit-alert-scenarios-system-center-operations-manager-opsmgr-2007-r2.aspx
    Best regards.
    Thanks
    Victoria Xia
    TechNet Community Support
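
To see which account, member and group the 4732/4733 events in the post above involve, and how often each combination repeats, the events can be parsed from their XML form. This is an added example, not part of the thread: the sample event is constructed from the field values quoted in the post, with the time, computer name and Subject SID as placeholders, and the function names are hypothetical.

```powershell
# Added example (PowerShell 3.0 or later). Constructed sample event: group,
# member and subject names come from the post; time, computer name and the
# Subject SID are placeholders. S-1-5-20 is NETWORK SERVICE and S-1-5-32-568
# is BUILTIN\IIS_IUSRS.
$SampleXml = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <EventID>4732</EventID>
    <TimeCreated SystemTime="2015-01-01T00:00:00.000Z" />
    <Computer>SERVER01.example</Computer>
  </System>
  <EventData>
    <Data Name="MemberName">-</Data>
    <Data Name="MemberSid">S-1-5-20</Data>
    <Data Name="TargetUserName">IIS_IUSRS</Data>
    <Data Name="TargetDomainName">Builtin</Data>
    <Data Name="TargetSid">S-1-5-32-568</Data>
    <Data Name="SubjectUserSid">S-1-5-21-0-0-0-1000</Data>
    <Data Name="SubjectUserName">S-ShareP_Farm</Data>
    <Data Name="SubjectDomainName">POSTEN</Data>
    <Data Name="SubjectLogonId">0x8a121</Data>
    <Data Name="PrivilegeList">-</Data>
  </EventData>
</Event>
'@

function ConvertFrom-GroupChangeEvent {
    # Turns the XML of one 4732 (added) or 4733 (removed) event into an object
    param([Parameter(Mandatory = $true)][string]$Xml)

    $Evt  = ([xml]$Xml).Event
    $Data = @{}
    foreach ($Item in $Evt.EventData.Data) { $Data[$Item.Name] = $Item.'#text' }
    $Action = if ([int]$Evt.System.EventID -eq 4732) { 'Added' } else { 'Removed' }

    [pscustomobject]@{
        Time      = $Evt.System.TimeCreated.SystemTime
        Computer  = $Evt.System.Computer
        Action    = $Action
        Group     = '{0}\{1}' -f $Data.TargetDomainName, $Data.TargetUserName
        MemberSid = $Data.MemberSid
        ChangedBy = '{0}\{1}' -f $Data.SubjectDomainName, $Data.SubjectUserName
        LogonId   = $Data.SubjectLogonId
    }
}

function Get-GroupChangeSummary {
    # Reads the local Security log (needs an elevated session) and counts how
    # often each account/member/group/action combination occurs.
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4732, 4733 } |
        ForEach-Object { ConvertFrom-GroupChangeEvent -Xml $_.ToXml() } |
        Group-Object ChangedBy, MemberSid, Group, Action |
        Sort-Object Count -Descending |
        Select-Object Count, Name
}

# Offline check against the constructed sample
ConvertFrom-GroupChangeEvent -Xml $SampleXml | Format-List
# On a server with these events: Get-GroupChangeSummary
```

A combination that appears with matching Added and Removed counts under one service account points at an automated process rather than an administrator, which is the distinction the alert text alone does not give.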

  • How to create a group of servers where monitor runs of one of them

    Hello,
    I have a group of Linux servers where I want to monitor some processes. Important is that the process have to run minimum 1 and maximum 1 time on server A or B or C. If I add my server group to the process monitor I got error events that the process is not
    running on server A and C because B is actually the active one.
    How can I configure that this process has to run 1 time on one of these servers?
    Regards, Doreen

    Hi,
    How about trying aggregate monitor?
    Aggregate monitors group multiple monitors to provide a single health aggregated health state. This provides an organization to all of the monitors targeted at a particular class and provides a consolidated health state for specific categories of
    operation.
    Please refer to the below link for more details:
    https://technet.microsoft.com/en-us/library/hh457599.aspx
    Regards,
    Yan Li

  • HT3529 How do you send a message to a group of people.  I want to invite our local friends to a birthday party.  I have created a group called "Centerville Gang".  The group has about 12 people in it.  Is there a way I can select this group to receive thi

    I want to invite 12 people to a birthday party.  I have created a group called "Centerville Gang".  I want to send just one message to all of these people.  I would think there would be a way to select this group as the recipients once instead of doing 12 searches through my contacts to get all of the members in the group but I can't seem to figure it out.  I must be missing something.  Can you help?

    Contact groups do not allow for group emailing. they are just an organizational tool for the contacts list.

  • Unable to modify or create Protection Groups in DPM 2012 R2 - Error: 31220

    "DPM failed to apply the required policies to this protection group since the recovery point limit for this DPM server has been exceeded. (ID: 31220)"
    I am trying to add new data sources to our DPM server and continually run into the above message. I get the same error whether I attempt to create a new Protection Group and add the data sources to it... or if I attempt to modify an existing Protection Group
    to add data sources to it. I can guess that the obvious answer is "You have too many data sources or too many recovery points for the server to handle..." If that's the case, I need to figure out how to tell how many I have. As best as I can figure
    myself, I have less than 150 data sources and less than 2500 recovery points/snapshot/express-full. If there is a tool or a command that I can run to tell that, I'd be grateful to anyone who can point me in that direction.
    I have tried to remove inactive member servers that no longer exist from our Protection Groups... no effect.  I have tried to completely delete the removed server's data from replica... no effect.  We began seeing this issue in 2012 SP1, so I ran
    through the upgrade to 2012 R2 hoping that it would resolve the issue... no effect.  I am able to remove members from our Protection Groups, but if I try to add an entirely new member or even just a single DB on an already protected member... fails with
    above message.  I also tried to adjust the retention and backup schedule... fails with above error.
    Other than the stock answer from Microsoft that I am truly exceeding some limit, is there any other underlying issue that can cause this to be mis-reported to me?  I hope that SOMEONE has an answer or guidance for me.

    Hi,
    Another DPM PowerShell script - this one allows you to delete older recovery points for a selected datasource without having to modify the PG.
    #Author : Ruud Baars
    #Date : 11/09/2008
    #Edited : 11/15/2012 By: Wilson S.
    #edited : 11/27/2012 By: Mike J.
    # NOTE: Update script to only remove recovery points on Disk. Recovery points removed will be from the oldest one up to the date
    # entered by the user while the script is running
    #deletes all recovery points before 'now' on selected data source.
    $version="V4.7"
    $ErrorActionPreference = "silentlycontinue"
    add-pssnapin sqlservercmdletsnapin100
    Add-PSSnapin -Name Microsoft.DataProtectionManager.PowerShell
    $MB=1024*1024
    $logfile="DPMdeleteRP.LOG"
    $wait=10 #seconds
    $confirmpreference = "None"
    function Show_help
    cls
    $l="=" * 79
    write-host $l -foregroundcolor magenta
    write-host -nonewline "`t<<<" -foregroundcolor white
    write-host -nonewline " DANGEROUS :: MAY DELETE MANY RECOVERY POINTS " -foregroundcolor red
    write-host ">>>" -foregroundcolor white
    write-host $l -foregroundcolor magenta
    write-host "Version: $version" -foregroundcolor cyan
    write-host "A: User Selects data source to remove recovery points for" -foregroundcolor green
    write-host "B: User enters date / time (using 24hr clock) to Delete recovery points" -foregroundcolor green
    write-host "C: User Confirms deletion after list of recovery points to be deleted is displayed." -foregroundcolor green
    write-host "Appending to log file $logfile`n" -foregroundcolor white
    write-host "User Accepts all responsibilities by entering a data source or just pressing [Enter] " -foregroundcolor white -backgroundcolor blue
    "**********************************" >> $logfile
    "Version $version" >> $logfile
    get-date >> $logfile
    show_help
    $DPMservername=&"hostname"
    "Selected DPM server = $DPMservername" >> $logfile
    write-host "`nConnnecting to DPM server retrieving data source list...`n" -foregroundcolor green
    $pglist = @(Get-ProtectionGroup $DPMservername) # WILSON - Created PGlist as array in case we have a single protection group.
    $ds=@()
    $tapes=$null
    $count = 0
    $dscount = 0
    foreach ($count in 0..($pglist.count - 1))
    # write-host $pglist[$count].friendlyname
    $ds += @(get-datasource $pglist[$count]) # WILSON - Created DS as array in case we have a single protection group.
    # write-host $ds
    # write-host $count -foreground yellow
    if ( Get-Datasource $DPMservername -inactive) {$ds += Get-Datasource $DPMservername -inactive}
    $i=0
    write-host "Index Protection Group Computer Path"
    write-host "---------------------------------------------------------------------------------"
    foreach ($l in $ds)
    "[{0,3}] {1,-20} {2,-20} {3}" -f $i, $l.ProtectionGroupName, $l.psinfo.netbiosname, $l.logicalpath
    $i++
    $DSname=read-host "`nEnter a data source index from list above - Note co-located datasources on same replica will be effected"
    if (!$DSname)
    write-host "No datasource selected `n" -foregroundcolor yellow
    "Aborted on Datasource name" >> $logfile
    exit 0
    $DSselected=$ds[$DSname]
    if (!$DSselected)
    write-host "No datasource selected `n" -foregroundcolor yellow
    "Aborted on Datasource name" >> $logfile
    exit 0
    $rp=get-recoverypoint $DS[$dsname]
    $rp
    # $DoTape=read-host "`nDo you want to remove when recovery points are on tape ? [y/N]"
    # "Remove tape recovery point = $DoTape" >> $logfile
    write-host "`nCollecting recoverypoint information for datasource $DSselected.name" -foregroundcolor green
    if ($DSselected.ShadowCopyUsedspace -gt 0)
    while ($DSSelected.TotalRecoveryPoints -eq 0)
    { # "still 0"
    #this is on disk
    $oldShadowUsage=[math]::round($DSselected.ShadowCopyUsedspace/$MB,1)
    $line=("Total recoverypoint usage {0} MB on DISK in {1} recovery points" -f $oldShadowUsage ,$DSselected.TotalRecoveryPoints )
    $line >> $logfile
    write-host $line`n -foregroundcolor white
    #this is on tape
    #$trptot=0
    #$tp= Get-RecoveryPoint($dsselected) | where {($_.Datalocation -eq "Media")}
    #foreach ($trp in $tp) {$trptot += $trp.size }
    #if ($trptot -gt 0 )
    # $line=("Total recoverypoint usage {0} MB on TAPE in {1} recovery points" -f ($trptot/$MB) ,$DSselected.TotalRecoveryPoints )
    # $line >> $logfile
    # write-host $line`n -foregroundcolor white
    [datetime]$afterdate="1/1/1980"
    #$answer=read-host "`nDo you want to delete recovery points from the beginning [Y/n]"
    #if ($answer -eq "n" )
    # [datetime]$afterdate=read-host "Delete recovery points AFTER date [MM/DD/YYYY hh:mm]"
    [datetime]$enddate=read-host "Delete ALL Disk based recovery points BEFORE and Including date/time entered [MM/DD/YYYY hh:mm]"
    "Deleting recovery points until $enddate" >>$logfile
    write-host "Deleting recovery points until and $enddate" -foregroundcolor yellow
    $rp=get-recoverypoint $DSselected
    if ($DoTape -ne "y" )
    $RPselected=$rp | where {($_.representedpointintime -le $enddate) -and ($_.Isincremental -eq $FALSE) -and ($_.DataLocation -eq "Disk")}
    else
    $RPselected=$rp | where {($_.representedpointintime -le $enddate) -and ($_.Isincremental -eq $FALSE)}
    if (!$RPselected)
    write-host "No recovery points found!" -foregroundcolor yellow
    "No recovery points found, aborting...!" >> $logfile
    exit 0
    $reselect = $enddate
    $adjustflag = $false
    foreach ($onerp in $RPselected)
    $rtime=[string]$onerp.representedpointintime
    $rsize=[math]::round(($onerp.size/$MB),1)
    $line= "Found {0}, RP size= {1} MB (If 0 MB, co-located datasource cannot be computed), Incremental={2} "-f $rtime, $rsize,$onerp.Isincremental
    $line >> $logfile
    write-host "$line" -foregroundcolor yellow
    #Get dependent rp's for data source
    $allRPtbd=$DSselected.GetAllRecoveryPointsToBeDeleted($onerp)
    foreach ($oneDrp in $allRPtbd)
    if ($oneDrp.IsIncremental -eq $FALSE) {continue}
    $rtime=[string]$oneDrp.representedpointintime
    $rsize=[math]::round(($oneDrp.size/$MB),1)
    $line= ("`t...is dependancy for {0} size {1} `tIncremental={2}" -f $rtime, $rsize, $oneDrp.Isincremental)
    $line >> $logfile
    if ($oneDrp.representedpointintime -ge $enddate)
    #stick to latest full ($oneDrp = dependents, $onerp = full)
    $adjustflag = $true
    $reselect = $onerp.representedpointintime
    "<< Dependents newer than BEFORE date >>>" >> $logfile
    Write-Host -nonewline "`t <<< later than BEFORE date >>>" -foregroundcolor white -backgroundcolor red
    write-host "$line" -foregroundcolor yellow
    else
    #Ok, include current latest incremental
    $reselect = $oneDrp.representedpointintime
    write-host "$line" -foregroundcolor yellow
    if ($reselect -lt $oneDrp.representedpointintime)
    #we adjusted further backward than latest incremental within selection
    $reselect = $rtime
    $line = "Adjusted BEFORE date to be $reselect to include dependents to $enddate"
    $line >> $logfile
    Write-Host $line -foregroundcolor white -backgroundcolor blue
    $line="`n<<< SECOND TO LAST CHANCE TO ABORT - ONE MORE PROMPT TO CONFIRM. >>>"
    write-host $line -foregroundcolor white -backgroundcolor blue
    $line >> $logfile
    $line="Above recovery points within adjusted range will be permanently deleted !!!"
    write-host $line -foregroundcolor red
    $line >> $logfile
    $line="These RP's include dependent recovery points and may contain co-located datasource(s)"
    write-host $line -foregroundcolor red
    $line >> $logfile
    $line="Data source activity = " + $DSselected.Activity
    $line >> $logfile
    write-host $line -foregroundcolor white
    $DoDelete=""
    while (($DoDelete -ne "N" ) -and ($DoDelete -ne "Y"))
    $line="Continue with deletion (must answer) Y/N? "
    write-host $line -foregroundcolor white
    $DoDelete=read-host
    $line = $line + $DoDelete
    $line >> $logfile
    if (!$DSselected.Activity -eq "Idle")
    $line="Data source not idle, do you want to wait Y/N ? "
    write-host $line -foregroundcolor yellow
    $Y=read-host
    $line = $line + $Y
    $line >> $logfile
    if ($Y -ieq "Y")
    Write-Host "Waiting for data source to become idle..." -foregroundcolor green
    while ($DSselected.Activity -ne "Idle")
    ("Waiting {0} seconds" -f $wait) >>$logfile
    Write-Host -NoNewline "..." -ForegroundColor blue
    start-sleep -s $wait
    if ($DoDelete -eq "Y")
    foreach ($onerp in $RPselected)
    #reselect is adjusted to safe range relative to what was requested
    #--- if adjustflag not set then all up to including else only older because we must keep the full
    if ((($onerp.representedpointintime -le $reselect) -and ($adjustflag -eq $false)) -or ($onerp.representedpointintime -lt $reselect))
    $rtime=[string]$onerp.representedpointintime
    write-host `n$line -foregroundcolor red
    $line >>$logfile
    if (($onerp ) -and ($onerp.IsIncremental -eq $FALSE)) { remove-recoverypoint -RecoveryPoint $onerp -confirm:$True} # >> $logfile}
    $line =("---`nDeleting recoverypoint -> " + $rtime)
    $line >>$logfile
    "All Done!" >> $logfile
    write-host "`nAll Done!`n`n" -foregroundcolor white
    $line="Do you want to View DPMdeleteRP.LOG file Y/N ? "
    write-host $line -foregroundcolor white
    $Y=read-host
    $line = $line + $Y
    $line >> $logfile
    if ($Y -ieq "Y")
    Notepad DPMdeleteRP.LOG
    Regards, Mike J. [MSFT]

  • Group Policy "Restricted Groups" (local groups) using group policy preferences

    I was recently tasked a solution with creating a group policy to manage RDP user access to a set of Active Directory computer objects.
    Part of the solution was to create a policy so that this would only apply a specific security group (users) to a specific set of Active Directory computer objects within the OU to which it was applied, so that other machines and/or user accounts in this OU remain unaffected by this policy.
    The policy was to be able to include multiple sets of security groups (users) for the associated machines, isolating those security groups (users) to only their sets of Active Directory computer objects.
    Reduce the requirement to create multiple group policies to apply different "Local Group"/"Restricted groups" management for computer objects in the domain.
    I thought about using System based policies and creating different WMI filters to target sets of AD computer objects, but came to the conclusion this would not help due to the limited WMI queries I would be able to create for a standard image.
    So I then thought about group policy preferences and came up with the solution
    I created a new Group policy and created a new item for the local group, in this instance but not limited to "Remote Desktop users (built-in)" and added the security group(users).  In my case I did not need to use the "delete
    all member users" or "delete all member groups" as I wanted other groups in this local group for the computer objects to remain intact.
    Then what I did is set the "item-level-target" setting from "the common tab" on the GPP and set it to the security group which contained the AD computer objects the user accounts required access to.  I then did a couple of standard tests to confirm the local security group (users) appeared only on the machine in the item level target security group and applied to no other machines in the outside of SOM.
    So with this in place, if I needed to create any other entries for different groups and access to specific machines all I need to do is create a new GPP item within this policy.
    Being mindful that system policies settings if applied to same OU will take precedence over GPP settings....
    Thought I would just share this in-case anyone else has had similar requests/thoughts and or has other methods that they have used that they would like to share. 
    I am not sure either on the limit of entries that GPP have either so if anyone does know please post and possible links? 
    I have struggled to find an answer, however it could be that I am not asking the right question!

    good sharing...
    Best,
    Howtodo

  • Urgent Help needed! ADSI can't add local user to local group when there are variables

    Hi friends
    it's about 8 hours I am working on the following simple code but no result. I feel I am losing my eyes
    i need to use a code within my PS script to add a Local user to the built-in "Users" Local Group in windows 7 , 8, 2012....
    the following code which the username is not related with any variable works fine.
    $computer = [ADSI]"WinNT://."
    $user = $computer.Create("User","MyLocaluser")
    $user.setinfo()
    $user.SetPassword("P@ssw0rd")
    $Group = [ADSI]"WinNT://./Users,Group"
    $Group.Add("WinNT://MyLocaluser,user")
    but in the 2 following scenarios (in which variables enter into the code), it doesn't work: (for simplicity and to be easier to read, I have bolded the only differences in my 3 scenarios for you)
    Scenario1:
    $computer = [ADSI]"WinNT://."
    $user = $computer.Create("User","MyLocaluser")
    $user.setinfo()
    $user.SetPassword("P@ssw0rd")
    $Group = [ADSI]"WinNT://./Users,Group"
    $Group.Add("WinNT://$user,user")
    I checked, the user is created but it doesn't become a member of the local "Users" group
    Scenario2 (which is my Real Scenario):
    $myVMnumber = read-host "enter your VMnumber"
    $computer = [ADSI]"WinNT://."
    $user = $computer.Create("User","MyLocalUser$MyVMnumber") # ---> for example on VM2, will be created as "MyLocalUser2"
    $user.setinfo()
    $user.SetPassword("$MyVMnumber") # ---> so that the password of MyLocaluser be the digit 2
    $Group = [ADSI]"WinNT://./Users,Group"
    $Group.Add("WinNT://$user,user")
    what change should make to the code?
    Many thanks in advance

    Is there some reason why you are posting the same question in multiple forums?
    I gave you the exact answer and a copy of tested code.
    Someone needs to merge these two threads:
    https://social.technet.microsoft.com/Forums/en-US/98ab1abd-ef62-4b95-b70c-a6f0120a155e/unable-to-add-local-usr-to-local-group-via-adsi?forum=winserverpowershell
    ¯\_(ツ)_/¯
    no it's the same powershell forum not multiple forums
    I had posed my question in the previous thread
    https://social.technet.microsoft.com/Forums/en-US/98ab1abd-ef62-4b95-b70c-a6f0120a155e/unable-to-add-local-usr-to-local-group-via-adsi?forum=winserverpowershell
    but in the middle of the scenario, no one continued to investigate my problem, so I started a new thread to investigate the rest of the problem, but finally you answered it and now this thread can be closed
    many thanks for your helps. 

  • Creating ora_dba group in Windows vista

    Hi,
    I have installed Oracle 10g in a Windows vista environment. The Oracle installation guide "http://download.oracle.com/docs/cd/B19306_01/install.102/b14316/intro.htm#i1006491" says that OUI creates the ora_dba group when the oracle s/w is installed. But, the ora_dba group is not created in my system and I also don't have a "local and users group" category in the computer management to create a group either.
    The sqlnet.ora file has the parameter SQLNET.AUTHENTICATION_SERVICES= (NTS)
    So, I was wondering how would a user be authenticated by the OS as a dba...
    and also if anybody knows how to create the ora_dba group, please reply...
    Your help is greatly appreciated
    Thanks.

    The best thing you can do with Vista is download VMware Server and use it to run a Centos 4 or 5 virtual machine. Then you will see Oracle run as she was meant to be run.
    Vista is a client operating system. Oracle is intended to be run on servers. Enough said.

  • Add Windows 7 local administrators group to another local group

    So I have the local group MyLocalGroup and I need to add the local Administrators group as member of MyLocalGroup
    I'm working with Windows 7 Professional with Windows Management 4
    I have tried:
    [ADSI]$LocalAdmonistratorGroup="WinNT://$Env:COMPUTERNAME/Administrators,Group"
    [ADSI]$MyUsersGroup="WinNT://$Env:COMPUTERNAME/MYLOCALGROUP,Group"
    $MyUsersGroup.Add($LocalAdmonistratorGroup.Path)
    Exception calling "Add" with "1" argument(s): "A member could not be added to or removed from the local group because the member does not exist."
    BUT:
    $LocalAdmonistratorGroup.Add($MyUsersGroup.Path)
    It works! And MyLocalGroup is a member of Administrators.
    I have run some tests and:
    1. A user can be added to any local group (ok)
    2. A local group can be member of any local group (ok)
    3. A group or a user can be added to local Administrators group
    4. If I try to add local administrators group as member of any other local group I receive the error!
    How can I add the local Administrators group as a member of another local group using PowerShell (with interface work)?
    Thanks,
    Lorenzo Soncini
    LSo Lorenzo Soncini Trento TN - Italy

    Hi Lorenzo,
    Nesting local groups (adding a local group to the group membership of another local group on the same client) is not recommended.
    Refer to:
    Nesting of local groups is not supported on workstations or member servers
    If we execute this operation via Computer Management Interface, it will produce error.
    Some group authoring tools can add local Group To local Built-in Groups, however, our suggestion is to never nest local groups even when it is allowed by a group authoring tool like “net local group” because such nesting doesn’t reflect the group expansion constraints and the end results would be different from the expected results.
    Refer to:
    Nested User Groups (Groups in Groups) / Built-in Local Groups Issue
    If there is anything else regarding this issue, please feel free to post back.
    Best Regards,
    Anna Wang
    TechNet Community Support
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]
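
A check related to the nesting discussed in this thread, as an added example that is not part of the original posts: it lists every local group on the machine that has another local group as a member, which is the configuration the reply advises against. The helper name `Get-AdsiProperty` and the path-matching rule are assumptions of this example.

```powershell
# Added example (not from the thread): report local groups that contain other
# local groups on this machine, using the ADSI WinNT provider.
$computerName = $env:COMPUTERNAME
$computer     = [ADSI]"WinNT://$computerName,computer"

# Helper (hypothetical name): read one property from a COM member object.
function Get-AdsiProperty($ComObject, [string]$Name) {
    $ComObject.GetType().InvokeMember($Name, "GetProperty", $null, $ComObject, $null)
}

$localGroups = $computer.psbase.Children |
    Where-Object { $_.psbase.SchemaClassName -eq "Group" }

$findings = foreach ($group in $localGroups) {
    foreach ($member in @($group.psbase.Invoke("Members"))) {
        $class = Get-AdsiProperty $member "Class"
        $path  = Get-AdsiProperty $member "ADsPath"
        # Assumption: a local principal's ADsPath carries this computer's name
        # as a path segment (WinNT://<domain>/<computer>/<name>), while a
        # domain principal's path does not.
        $isLocal = $path -match "/$([regex]::Escape($computerName))/"
        if ($class -eq "Group" -and $isLocal) {
            [pscustomobject]@{
                Computer    = $computerName
                ParentGroup = $group.psbase.Name
                NestedGroup = Get-AdsiProperty $member "Name"
                MemberPath  = $path
            }
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    Write-Host "No nested local groups found on $computerName"
}
```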

  • Managing membership of local group - Domain Local groups not permitted?

    Hi all
    I would like to populate the membership of the local Administrators group on certain member servers using the "Local users and groups" feature of GPP.  The object picker does not let me choose groups with Domain Local scope. 
    Does anyone know the reason for this?  Is there any workaround?
    I can add domain local groups to the membership of the Administrators group manually, so it seems strange I can't do it via GPO.
    Alexei

    > I would like to populate the membership of the local Administrators
    > group on certain member servers using the "Local users and groups"
    > feature of GPP.  The object picker does not let me choose groups with
    > Domain Local scope.
    I cannot confirm. I can add both DL and GG. What OS are you using? Here:
    Win 7 Enterprise 32 bit.
    Martin
    How about reading a
    GOOD book about GPOs?
    NO THEY ARE NOT EVIL, if you know what you are doing:
    Good or bad GPOs?
    And if IT bothers me - coke bottle design refreshment :))
