2

Is it possible to add a domain group to a local group via the command line?

I can add specific users or domain users, but not a group. I would prefer to stick with a command line, but vbscript might be okay. We are looking for a solution that doesn't involve GPOs because this is just for a couple of rooms on our campus and just once.

net localgroup "Administrators" "myDomain\Username" /add

works but

net localgroup "Administrators" "myDomain\Local Computer Administrators" /add

doesn't

PsychoData

4 Answers

4

net localgroup seems to have a problem if the group name is longer than 20 characters. You can try shortening the group name, at least to verify that character limitation. By the way, net localgroup uses the pre-Windows 2000 name of the group, the sAMAccountName AD attribute.

I would still recommend that you use GPO for this, as it will be easier to add the group to the local Administrators group, especially since you won't have to rename your group. Also, it will be easier to remove the domain group from the local group once the need has passed.

Patrick Seymour
  • If I use a GPO, won't it revert after logoff? – PsychoData Oct 13 '14 at 14:21
  • The GPO will be enforced as long as it applies to the machine, that is, as long as the machine is in an OU to which the GPO applies. – Patrick Seymour Oct 13 '14 at 14:22
  • And it will be set every time the computer boots or logs on (depending where I'm applying it), right? Why not just make the change once and be done with it? This is something we want standard on all our computers and these were done wrong before we imaged them. – PsychoData Oct 13 '14 at 14:25
  • I guess it's more of an enforcement thing, to make sure the configuration you want is always applied. It's not like GPO processing takes minutes; it's in the sub-seconds range for group membership enforcement. If you use GPO Preferences instead of the Restricted Groups policy, you can apply once and never apply again. Anyway, that part of my reply was just a recommendation. – Patrick Seymour Oct 13 '14 at 15:39
  • So, Patrick, what if I was to make the GPO, make sure all of the machines had it applied to them and then deleted the GPO again? Would the effects of the GPO persist, or would they revert? – PsychoData Oct 26 '14 at 16:28
  • The effects would persist, as long as no other outside influences exist (other GPOs, etc.). – Patrick Seymour Oct 29 '14 at 16:16
0

I know you asked for command line, but you can do this with PowerShell quite simply (win2016 and later):

Add-LocalGroupMember -Group administrators -member domain\user

If you want to do this via command line explicitly, you can wrap this in a command line by calling PowerShell with this command:

powershell -command "Add-LocalGroupMember -Group administrators -member domain\user"

Justin
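
As an added example (not code from any of the answers), the `Add-LocalGroupMember` approach above can be made idempotent for a domain group and followed by a membership check, flagging names over the 20-character length the first answer mentions. The function name and parameters are hypothetical; only `Get-LocalGroupMember` and `Add-LocalGroupMember` from the built-in LocalAccounts module are used.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. Function and parameter names are illustrative.
function Add-DomainGroupToLocalGroup {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Domain,       # NetBIOS domain name
        [Parameter(Mandatory)][string]$DomainGroup,  # pre-Windows 2000 name (sAMAccountName)
        [string]$LocalGroup = 'Administrators'
    )

    # The first answer reports net localgroup having trouble with names over
    # 20 characters; flag such names so a failure is easy to attribute.
    if ($DomainGroup.Length -gt 20) {
        Write-Warning "'$DomainGroup' is $($DomainGroup.Length) characters long; net localgroup is reported to fail above 20."
    }

    $principal = "$Domain\$DomainGroup"
    $current   = @(Get-LocalGroupMember -Group $LocalGroup -ErrorAction Stop)

    # -contains is case-insensitive, so MYDOMAIN\x and myDomain\x compare equal.
    if ($current.Name -contains $principal) {
        Write-Verbose "$principal is already a member of $LocalGroup."
    }
    elseif ($PSCmdlet.ShouldProcess($LocalGroup, "Add $principal")) {
        Add-LocalGroupMember -Group $LocalGroup -Member $principal -ErrorAction Stop
    }

    # Return the resulting membership so the change can be reviewed or logged.
    Get-LocalGroupMember -Group $LocalGroup |
        Select-Object @{ n = 'Computer'; e = { $env:COMPUTERNAME } },
                      Name, ObjectClass, PrincipalSource
}

# Example call using the names from the question; -WhatIf previews the change
# without modifying the group:
# Add-DomainGroupToLocalGroup -Domain 'myDomain' -DomainGroup 'Local Computer Administrators' -WhatIf
```

The returned `ObjectClass` and `PrincipalSource` columns show whether each member of the local group is a user or a group and whether it comes from the domain, which makes the output usable as a record of who holds local administrator rights on each machine.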
0

To add a domain user, this is the format:

net localgroup "GroupName" "Username" /add "Domain"

The syntax on the command line is:

NET LOCALGROUP
[groupname [/COMMENT:"text"]] [/DOMAIN]
              groupname {/ADD [/COMMENT:"text"] | /DELETE}  [/DOMAIN]
              groupname name [...] {/ADD | /DELETE} [/DOMAIN]
-1

Add the group to the Administrators group by going to

control userpasswords2

and then press the Add button.

Or, use

lusrmgr.msc

EdG
  • A very fine way to add them, via GUI. I specified command line or script. – PsychoData Oct 13 '14 at 14:43
  • You preferred* it – EdG Oct 14 '14 at 15:26
  • "Prefer" was a polite way of saying "I'm not interested in GUI because I don't want to go through some 60 computers and do that on all of them" – PsychoData Oct 15 '14 at 11:47
  • I don't think prefer is defined like that. Say what you actually mean, I can't read your mind. – EdG Oct 15 '14 at 16:51
  • Even if you stick hard by the fact I said prefer to stick to command line (meaning NOT GUI), I still offered the alternative to command line as VBScript and made a point that I would rather not do it via GPOs. Read the question instead of defending your small niche of me not _explicitly_ saying that I didn't want a GUI interface solution, even though I did say I wanted a command line solution or VBScript (that I could then run via command line). – PsychoData Oct 21 '14 at 13:03
  • The topic literally says command line. Why would the use of the word prefer override or negate the actual title of the post? This answer should have more downvotes. – Jeremy Apr 04 '16 at 22:58