Adding a domain admin account to local admin groups

Discussion started by Stuart Langston, Sep 8, 2004.

  1. I need to add the domain admins group from one domain into the local admins
    group for a group of servers / workstation in another domain. The (very
    simple) script i've created so far is

    strComputer = "mcpwrsus01"
    Set objGroup = Getobject("WinNT://" & strComputer & "/Administrators")
    objGroup.Add ("WinNT://newdomainame/Domain Admins")

    Which generates the error

    "A member could not be added to or removed from the local group because the
    member does not exist."

    The Domain Admins group in the source domain definitely does exist. Can
    anyone point to where im going wrong?

    As always, thanks in advance

    Stuart Langston, Sep 8, 2004
  2. Thanks for that. I've tried modifying the script to run in our environment
    but still get the same error message in line 8:

    ' On Error Resume Next
    GroupName = "Administrators"
    strUserName = "Domain Admins"
    GroupDomain = "."
    UserDomain = "domainname"
    Set objUser = GetObject("WinNT://" & UserDomain & "/" & strUserName &
    Set objGroup = GetObject("WinNT://" & GroupDomain & "/" & GroupName &
    objGroup.Add(objUser.ADsPath) 'adding the user to the group
    AddUser = Err.Number

    Im sure im just being stupid but can anyone point me in the right direction?

    Thanks in advance

    Stuart Langston, Sep 9, 2004
  3. Hi

    For ADSI's WinNT provider, using "." for current computer name doesn't
    work very well in all cases (but when using WMI it will always work).

    So when using the WinNT provider against the local computer, always
    use this instead:

    Set objWshNet = CreateObject("WScript.Network")
    GroupDomain = objWshNet.ComputerName

    Try it and see if it works better for you.
    Torgeir Bakken \(MVP\), Sep 9, 2004
