{"id":595,"date":"2014-10-03T00:01:00","date_gmt":"2014-10-03T00:01:00","guid":{"rendered":"https:\/\/blogs.technet.microsoft.com\/heyscriptingguy\/2014\/10\/03\/adding-local-users-to-local-groups\/"},"modified":"2022-06-21T14:48:29","modified_gmt":"2022-06-21T21:48:29","slug":"adding-local-users-to-local-groups","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/scripting\/adding-local-users-to-local-groups\/","title":{"rendered":"Adding Local Users to Local Groups"},"content":{"rendered":"<p><b style=\"font-size:12px\">Summary<\/b><span style=\"font-size:12px\">: Learn how to use Windows PowerShell to add local users to local groups.<\/span><\/p>\n<p>Microsoft Scripting Guy, Ed Wilson, is here. Creating local user objects and local group objects is fine, but to be useful, I need to be able to add users to groups. When working with local accounts, I need to use the <strong>ADSI<\/strong> type accelerator to facilitate the way things work.<\/p>\n<p><strong>\u00a0 \u00a0Note\u00a0<\/strong> This is the third in a series of three posts. If you haven&#8217;t read them already, you might benefit from reading the first two posts before you read this:<\/p>\n<ul>\n<li><a href=\"https:\/\/devblogs.microsoft.com\/scripting\/use-powershell-to-create-local-user-accounts\/\" target=\"_blank\" rel=\"noopener\">Use PowerShell to Create Local User Accounts<\/a><\/li>\n<li><a href=\"https:\/\/devblogs.microsoft.com\/scripting\/use-powershell-to-create-local-groups\/\" target=\"_blank\" rel=\"noopener\">Use PowerShell to Create Local Groups<\/a><\/li>\n<\/ul>\n<p>Today I add the users to the group.<\/p>\n<h2>Connect to the actual group<\/h2>\n<p>Adding a user to a group is a bit different than creating a local user or a local group. When I add a user to a group, I need to connect to the group itself. I still need to open the Windows PowerShell console or ISE with Admin rights, but this time the connection is a bit more complicated. I still use the **[ADSI] **type accelerator, I still use WinNT as my provider, and I still specify the name of the computer. But I also must specify the name of the group and provide a hint that I am connecting to a group. Here is the command:<\/p>\n<p style=\"margin-left:30px\">\n  $group = [ADSI]&#8221;WinNT:\/\/edlt\/mygroup,group&#8221;\n<\/p>\n<p>If the group does not exist, the connection will not fail. In fact, it will actually appear to succeed. The error message will only appear when I try to use the object that I stored in the <strong>$group<\/strong> variable. This is shown here:<\/p>\n<p><a href=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/hsg-10-3-14-01.png\"><img decoding=\"async\" src=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/hsg-10-3-14-01.png\" alt=\"Image of error message\" title=\"Image of error message\" \/><\/a><\/p>\n<p>When I have a connection to an existing group, I call the <strong>Add<\/strong> method to add my local user object. The <strong>Add<\/strong> method accepts what is called an <strong>ADsPath<\/strong>\u2014that is the complete path to the user object, including the WinNT provider. Here is an example of the <strong>ADsPath<\/strong> to the <strong>mred<\/strong> user that I created the other day:<\/p>\n<p style=\"margin-left:30px\">\n  &#8220;WinNT:\/\/edlt\/mred,user&#8221;\n<\/p>\n<p>There are four parts: WinNT, the computer name, the user account name are required. The fourth part, <strong>user<\/strong>,* *is a hint that is not really required, but it makes things go a bit faster because it tells the provider the type of object I am looking for. Here is the complete <strong>Add<\/strong> command:<\/p>\n<p style=\"margin-left:30px\">\n  $group.Add(&#8220;WinNT:\/\/edlt\/mred,user&#8221;)\n<\/p>\n<p>That is it. Two lines for the complete script:<\/p>\n<p style=\"margin-left:30px\">\n  $group = [ADSI]&#8221;WinNT:\/\/edlt\/mygroup,group&#8221;\n<\/p>\n<p style=\"margin-left:30px\">\n  $group.Add(&#8220;WinNT:\/\/edlt\/mred,user&#8221;)\n<\/p>\n<p>I open the group in the computer management console, and sure enough, the user is now a member of the group.<\/p>\n<p><a href=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/hsg-10-3-14-02.png\"><img decoding=\"async\" src=\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/hsg-10-3-14-02.png\" alt=\"Image of menu\" title=\"Image of menu\" \/><\/a><\/p>\n<p>That is all there is to using Windows PowerShell to add local users to local groups. Join me tomorrow when I will talk about how to make Windows PowerShell Help always display examples.<\/p>\n<p>I invite you to follow me on <a href=\"http:\/\/bit.ly\/scriptingguystwitter\" target=\"_blank\" rel=\"noopener\">Twitter<\/a> and <a href=\"http:\/\/bit.ly\/scriptingguysfacebook\" target=\"_blank\" rel=\"noopener\">Facebook<\/a>. If you have any questions, send email to me at <a href=\"mailto:scripter@microsoft.com\" target=\"_blank\" rel=\"noopener\">scripter@microsoft.com<\/a>, or post your questions on the <a href=\"http:\/\/bit.ly\/scriptingforum\" target=\"_blank\" rel=\"noopener\">Official Scripting Guys Forum<\/a>. See you tomorrow. Until then, peace.<\/p>\n<p><strong>Ed Wilson, Microsoft Scripting Guy<\/strong><span style=\"font-size:12px\">\u00a0<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Summary: Learn how to use Windows PowerShell to add local users to local groups. Microsoft Scripting Guy, Ed Wilson, is here. Creating local user objects and local group objects is fine, but to be useful, I need to be able to add users to groups. When working with local accounts, I need to use the [&hellip;]<\/p>\n","protected":false},"author":596,"featured_media":87096,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[535,24,3,45],"class_list":["post-595","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-scripting","tag-local-accounts","tag-other-directory-services","tag-scripting-guy","tag-windows-powershell"],"acf":[],"blog_post_summary":"<p>Summary: Learn how to use Windows PowerShell to add local users to local groups. Microsoft Scripting Guy, Ed Wilson, is here. Creating local user objects and local group objects is fine, but to be useful, I need to be able to add users to groups. When working with local accounts, I need to use the [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/595","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/users\/596"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/comments?post=595"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/595\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media\/87096"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media?parent=595"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/categories?post=595"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/tags?post=595"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}