Need to add Logged on User to Local Admins Group

(imported topic written by carroll91)

Would anyone have a script that can do this? I really appreciate the help. I can use vbs but don’t know how to cover the script so 200 different customers will be added to individual assets.

Thanks,

Carroll.

(imported comment written by carroll91)

I have this script that works per individual user in case anyone wants to use it.

Set oWshNet = CreateObject("WScript.Network")
sUser = "domain user"
sNetBIOSDomain = oWshNet.UserDomain
sComputer = oWshNet.ComputerName
Set oGroup = GetObject("WinNT://" & sComputer & "/Administrators,group")
Set oUser = GetObject("WinNT://" & sNetBIOSDomain & "/" & sUser & ",user")
' suppress errors in case the user is already a member
On Error Resume Next
oGroup.Add(oUser.ADsPath)
On Error Goto 0

(imported comment written by MattBoyd)

I was about to ask you why you didn’t just use NET LOCALGROUP /ADD commands, but then I remembered that it has a wonderful 20 character limitation on group names. I had to make a VBScript (similar to the one you posted) a few weeks ago to get around that so that we could add some AD security groups to local groups on the client. Give this a try:

//This script is used to overcome the 20 character limitation that the NET.EXE LOCALGROUP /ADD command has

createfile until ENDOFSCRIPT
'  Name:      AddUserToLocalGroup.vbs
'  Author:    Matthew Boyd (iboyd.net)
'  Date:      4/28/2010
'  Purpose:   Adds an AD user to a local security group. This script is used to overcome the
'             20 character group name limitation that NET.EXE has: http://support.microsoft.com/kb/324639
'  Usage:     cscript.exe AddUserToLocalGroup.vbs "<AD user Name>" "<Local Group Name>"
'  Example:   cscript.exe AddUserToLocalGroup.vbs "YOURDOMAIN\username" "Administrators"
'             The command above would add "username" to the Administrators security group of the local
'             machine.

Dim localGroupName, ADUserName, strComputer, objLocalGroup, objADUser
strComputer = "."

'Parse the command line arguments (if it exists)
If Wscript.Arguments.Count < 2 then
    Err.Raise 1, "Invalid argument", "Missing parameters"
Else
    ADUserName = Wscript.Arguments.Item(0)
    localGroupName = Wscript.Arguments.Item(1)
End If

'The WinNT provider expects DOMAIN/name rather than DOMAIN\name
ADUserName = REPLACE(ADUserName, "\", "/")

Set objLocalGroup = GetObject("WinNT://" & strComputer & "/" & localGroupName & ",group")
Set objADUser = GetObject("WinNT://" & ADUserName & ",user")

objLocalGroup.Add(objADUser.ADsPath)
wscript.echo "Successfully added " & ADUserName & " to " & localGroupName
ENDOFSCRIPT

copy __createfile AddUserToLocalGroup.vbs

waithidden cscript.exe AddUserToLocalGroup.vbs "YOURDOMAIN\{name of current user}" "Administrators"

delete AddUserToLocalGroup.vbs

Your relevance could be something like this:

not exists ((members of local group "Administrators") whose (it as string as uppercase contains name of current user as uppercase))

Not that you need me to tell you how to do your job, but I’m not a big fan of giving everyone admin rights on workstations…

(imported comment written by carroll91)

Thanks for your reply. I will use your script. I know the local admin thing is not the best business approach for anyone but we have a certain app to install that requires it. Soon as the install goes out so do the admin rights.

Cheers,

Carroll.

(imported comment written by SystemAdmin)

I am also looking for a way to get around the 20 character limit using net localgroup. Can you explain where I would add the username and group name in this VBS script? I am not really familiar using VBS.

(imported comment written by SystemAdmin)

I see how this works now. You are looking at the current user then adding them to the admin group.

I am looking for a way to add a domain group to a local computer group (administrators). I am able to use this script to add a user account to the admin group by specifying the user name, but this doesn’t work for a domain group. I receive a message stating the user name could not be found.

Do I need to specify that I am looking to add a domain group vs a domain user?

(imported comment written by MattBoyd)

Ha! That would be my other script, AddGroupToLocalGroup.vbs. Seriously though, I did make another script a while ago to do that:

createfile until ENDOFSCRIPT
'  Name:      AddGroupToLocalGroup.vbs
'  Author:    Matthew Boyd (iboyd.net)
'  Date:      4/1/2010
'  Purpose:   Adds an AD security group to a local security group. This script is used to overcome the
'             20 character group name limitation that NET.EXE has: http://support.microsoft.com/kb/324639
'  Usage:     cscript.exe AddGroupToLocalGroup.vbs "<AD Group Name>" "<Local Group Name>"
'  Example:   cscript.exe AddGroupToLocalGroup.vbs "DOMAIN\MY GROUP" "Administrators"
'             The command above would add "MY GROUP" to the Administrators security group of the local
'             machine.

Dim localGroupName, ADGroupName, strComputer, objLocalGroup, objADGroup
strComputer = "."

'Parse the command line arguments (if it exists)
If Wscript.Arguments.Count < 2 then
    Err.Raise 1, "Invalid argument", "Missing parameters"
Else
    ADGroupName = Wscript.Arguments.Item(0)
    localGroupName = Wscript.Arguments.Item(1)
End If

'The WinNT provider expects DOMAIN/name rather than DOMAIN\name
ADGroupName = REPLACE(ADGroupName, "\", "/")

Set objLocalGroup = GetObject("WinNT://" & strComputer & "/" & localGroupName & ",group")
Set objADGroup = GetObject("WinNT://" & ADGroupName & ",group")

objLocalGroup.Add(objADGroup.ADsPath)
wscript.echo "Successfully added " & ADGroupName & " to " & localGroupName
ENDOFSCRIPT

delete AddGroupToLocalGroup.vbs
copy __createfile AddGroupToLocalGroup.vbs

waithidden cscript.exe AddGroupToLocalGroup.vbs "DOMAIN\GROUP" "Remote Desktop Users"

In retrospect, there should be an easy way to combine this so that you can use one script for both users and groups. I’ll look into that when I have some time.
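
One way to combine the two scripts above, as an added example that is not part of the original thread or MattBoyd's code: it tries the name as a user and then as a group, checks membership before changing it instead of suppressing errors, and supports removal so temporary admin rights can be revoked after the install. The script name and the add|remove argument are assumptions made for this example.

```vbscript
' SetLocalGroupMember.vbs (hypothetical name; added example, not from the thread)
' Usage: cscript.exe SetLocalGroupMember.vbs add|remove "DOMAIN\name" "Local Group"
Option Explicit
Dim action, principalName, localGroupName, objLocalGroup, objPrincipal

If WScript.Arguments.Count < 3 Then
    WScript.Echo "Usage: SetLocalGroupMember.vbs add|remove ""DOMAIN\name"" ""Local Group"""
    WScript.Quit 2
End If
action = LCase(WScript.Arguments.Item(0))
' The WinNT provider expects DOMAIN/name rather than DOMAIN\name
principalName = Replace(WScript.Arguments.Item(1), "\", "/")
localGroupName = WScript.Arguments.Item(2)

Set objLocalGroup = GetObject("WinNT://./" & localGroupName & ",group")
Set objPrincipal = BindPrincipal(principalName)
If objPrincipal Is Nothing Then
    WScript.Echo "Could not find user or group: " & principalName
    WScript.Quit 1
End If

Select Case action
    Case "add"
        ' Checking membership first keeps the action idempotent without hiding real errors
        If Not objLocalGroup.IsMember(objPrincipal.ADsPath) Then
            objLocalGroup.Add objPrincipal.ADsPath
        End If
    Case "remove"
        If objLocalGroup.IsMember(objPrincipal.ADsPath) Then
            objLocalGroup.Remove objPrincipal.ADsPath
        End If
    Case Else
        WScript.Echo "Unknown action: " & action
        WScript.Quit 2
End Select
WScript.Echo action & ": " & objPrincipal.Class & " " & principalName & " / " & localGroupName

' Try the name as a user first, then as a group; returns Nothing if neither binds.
Function BindPrincipal(name)
    Dim cls, obj
    Set obj = Nothing
    On Error Resume Next
    For Each cls In Array("user", "group")
        If obj Is Nothing Then Set obj = GetObject("WinNT://" & name & "," & cls)
    Next
    On Error GoTo 0
    Set BindPrincipal = obj
End Function
```

The non-zero exit codes let the calling action distinguish a failed lookup from a completed change, which the original scripts' suppressed or unhandled errors do not.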

(imported comment written by SystemAdmin)

Thanks, that works perfectly.

(imported comment written by cstoneba)

I’m trying to run this action and it works 95% of the time. But it seems to be failing when I’m adding a domain group that resides in a trusted domain, however it works when I manually run the created vbs from command line. Maybe this is happening because BESClient is executing the vbs as local system account??