Introduction

Adding users, or most often groups from Active Directory to the local administrator group on the server or client is a common task carried out as a system administrator.

Previously, accomplishing this required some scripting, but now it’s possible to use a simple one-liner. Of course, you can also use this one-liner in your scripts.

This blog post covers adding user accounts and groups to the local administrator group using Powershell. I also cover how to remove them.

How to add users or groups to the local administrator group using Powershell

The local administrator group in Computer Management

The commands for adding or removing a user or group from a local admin group is the same.

Note that all the commands below require that you are running an elevated Powershell window.

Add a domain group or user to the local administrator group using Powershell

You can add AD security groups or users to the local admin group using the below Powershell command:

Add-LocalGroupMember -Group "Administrators" -Member "domain\user or group," "additional users or groups."
Add users or groups to the local administrator group using Powershell

Add a local user to the local administrator group using Powershell

When adding a local user to the admin group, use this command. The same goes for when adding multiple users.

Add-LocalGroupMember -Group "Administrators" -Member "username"

Add a Microsoft account to the local administrator group using Powershell

If you want to add a Microsoft account to the local admin group, use the following command:

Add-LocalGroupMember -Group "Administrators" -Member "MicrosoftAccount\username@domain.com"

Review that the user or group has been added to the local admin group

That’s it! When I look in the local administrator group from the Computer Management view, I now see my domain user:

Domain user has been added to the local administrator group using Powershell

You can also see which users or groups are part of the local admin group using Powershell:

Get-LocalGroupMember -Group "Administrators"

How to remove a user or group from the local admin group using Powershell

If you want to remove a user or group from the local admin group, enter this command:

Remove-LocalGroupMember -Group "Administrators" -Member "the same as for adding a user or group"

Conclusion

Carrying out simple tasks as adding users or groups to the local administrator group can be done via the GUI or Powershell.

I highly recommend using Powershell for tasks like these, as it’s essential to be fluent in Powershell.

If you want to improve your Powershell skills, make sure to sign up for Pluralsight. It’s my favorite way of learning new skills!

How do you add users or groups to the local administrator group? Please leave a comment below!

References

Related posts

6 COMMENTS

  3. one of the things that irritates me to no end when i look at scripts online is the lack of documentation in them.
    for folks that are trying to learn it is nice to know what each function or call is doing within the script.
    It’s also nice when you enclose the usage information within the script documentation, ie what version of Ps you are writing to, etc. that way people hunting for code snippets dont have to read 3/4 of the way down the page only t9o find that this is applicable to windows server 2012 that runs powershell 3.0 or higher..

  4. I have multiple OUs that contain workstations and servers. For each such OU there is supposed to be a different administrator group. So when a computer is added to an OU, the admin group specified on that OU should be automatically be made a member of the local admin group of that computer.

    This can be done via group policy. The challenge for me is that there are over 300 such OUs. I’m aware of a powershell script that will create and link the group policy to each OU. I’m looking for how to configure the group policy with the option, Daniel mentioned above using powershell. This setting should be done into the group policy.

LEAVE A REPLY

Please enter your comment!
Please enter your name here