Add_AD_Group_or_User_to_Device_Administrators.ps1
<#
Harrison Koll 4/24/2023
.Synopsis
InputFile is the name of the file, or a comma-separated list of devices.
grp_or_usr is the name of the group or user that you want to add to the local Administrators group.
This script is useful when net localgroup or Add-LocalGroupMember are not available, i.e. on legacy devices. It works 100% of the time, tested from Windows 2k on up.
Results are appended to Successfuladditions.log and Failedadditions.log in the current directory.
#>
param(
    # File with one device per line; if the path does not exist, the value is
    # split on commas and treated as a list of device names.
    [Parameter(ParameterSetName = 'Input')]
    [string] $InputFile,

    # Group or user to add to the local Administrators group, either as a bare
    # SAM account name or as DOMAIN\name.
    [string] $grp_or_usr
)
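function Resolve-SamAccount {
    <#
    .SYNOPSIS
    Looks up a SAM account name in Active Directory and returns the value stored
    in the directory.
    .PARAMETER SamAccount
    The SAM account name (user or group) to search for.
    .PARAMETER Exit
    When $true, the script exits if no matching account is found.
    .OUTPUTS
    The 'samaccountname' property of the first matching entry, or nothing when
    the lookup fails or finds no entry.
    #>
    param(
        [string]
        $SamAccount,
        [boolean]
        $Exit
    )
    process {
        # Escape LDAP filter metacharacters (RFC 4515) so the name is matched
        # literally. Without this, a value such as 'a*' acts as a wildcard and
        # FindOne() may return an unintended account, which the caller would
        # then grant local administrator rights. Backslash is escaped first so
        # the escapes added afterwards are not re-escaped.
        $EscapedSam = $SamAccount -replace '\\', '\5c' `
                                  -replace '\*', '\2a' `
                                  -replace '\(', '\28' `
                                  -replace '\)', '\29' `
                                  -replace "`0", '\00'
        try {
            # Search on the -SamAccount parameter rather than the script-level
            # $grp_or_usr variable, so the function resolves what it was asked to.
            $ADResolve = ([adsisearcher]"(samaccountname=$EscapedSam)").FindOne().Properties['samaccountname']
        }
        catch {
            # FindOne() returns $null when nothing matches, so the property
            # access throws; a failed search is handled the same way.
            $ADResolve = $null
        }
        if (!$ADResolve) {
            Write-Warning "User `'$SamAccount`' not found in AD, please input correct SAM Account Name."
            if ($Exit) {
                exit
            }
        }
        $ADResolve
    }
}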
# Ask for the principal interactively when it was not passed as a parameter.
if (-not $grp_or_usr) {
    $grp_or_usr = Read-Host "Please input the Group or User you wish to add to the target machine(s) local Administrators group."
}

# Build the WinNT:// ADSI path for the principal.
if ($grp_or_usr -match '\\') {
    # DOMAIN\name form: use the two halves as given; no directory lookup is done.
    $NameParts = $grp_or_usr -split '\\'
    $DomainResolved = $NameParts[0]
    $ADResolved = $NameParts[1]
    $grp_or_usr = "WinNT://${DomainResolved}/${ADResolved}"
}
else {
    # Bare name: confirm it exists in AD (the script exits if it does not) and
    # qualify it with the current user's domain.
    $ADResolved = Resolve-SamAccount -SamAccount $grp_or_usr -Exit:$true
    $grp_or_usr = "WinNT://${env:userdomain}/${ADResolved}"
}
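# Prompt for the target when -InputFile was not supplied. The answer is stored
# in $InputFile so that it is actually processed below; previously it went into
# an unused variable and the script ended without doing anything.
if (!$InputFile) {
    $InputFile = Read-Host "Please input computer or file name."
}
if (!$InputFile) {
    Write-Warning "No computer or input file was supplied; nothing to do."
    return
}

# An existing path is read as a device list (one per line); anything else is
# treated as a comma-separated list of device names.
if (!(Test-Path -Path $InputFile)) {
    [string[]]$Computers = $InputFile.Split(',')
}
else {
    $Computers = Get-Content $InputFile
}

$Computers | ForEach-Object {
    # Keep the device name in its own variable: inside catch{} $_ is the error
    # record, not the device.
    $ledevice = "$_".Trim()
    if (!$ledevice) {
        # Skip blank lines / empty list entries rather than building an ADSI
        # path with no host name in it.
        return
    }
    $ledevice
    Write-Host "Adding `'$ADResolved`' to Administrators group on `'$ledevice`'."
    $curr_time = Get-Date
    try {
        ([ADSI]"WinNT://$ledevice/Administrators,group").add($grp_or_usr)
        Write-Host -ForegroundColor Green "Successfully Added `'$ADResolved`' to `'$ledevice`'."
        # The first three columns are unchanged (time, device, device). The
        # fourth column records which principal was granted local admin, so
        # the log can serve as an audit trail for the privilege change.
        "'$curr_time'`t'$ledevice'`t'$ledevice'`t'$grp_or_usr'" >> Successfuladditions.log
    }
    catch {
        Write-Warning "$_"
        # Columns: time, error text, device, principal that was attempted.
        "'$curr_time'`t'$_'`t'$ledevice'`t'$grp_or_usr'" >> Failedadditions.log
    }
}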