Today I needed to add a couple of AD users to the local administrators group on a number of servers….. and I am not allowed to use a GPO to do it.
Not wanting to manually connect to every machine I used the following powershell script
cls
$InputServers = Import-Csv “c:\servers.csv”
$InputUsers = Import-Csv “c:\users.csv”
$Servercount = 1
$ServerCountTotal = $InputServers.Count
$InputServers | ForEach-Object {
$ServerTemp=$_.ComputerName
“Starting ” + $Servercount + ” of ” + $Servercounttotal + ” : ” + $ServerTemp
$InputUsers | ForEach-Object {
$objUser = [ADSI](“WinNT://” + $_.Username )
$objGroup = [ADSI](“WinNT://” + $ServerTemp +”/Administrators”)
$objGroup.PSBase.Invoke(“Add”,$objUser.PSBase.Path)
}
“Complete ” + $Servercount + ” of ” + $Servercounttotal + ” : ” + $ServerTemp
$Servercount++
}
“Script Complete”
The script looks for 2 CSV files in the root of c:\
Servers.csv has a header of “ComputerName” and then a list of servers you want to affect one per line.
Users.csv has a header of “UserName” and then a list of user names (OLD FORMAT) Domain/User one per line.
Enjoy