I built 38 new servers and needed to add a domain group to the local administrator group of all of them. Instead of using computer management (compmgmt.msc) to connect to each one, or a GPO, I decided to use PowerShell, and found it’s actually pretty simple to do.


Here’s how we list local admins:
First you have to get the group itself:

    $group = [ADSI]"WinNT://$server/Administrators"

Then you have to get the members of that group:

    $admins = @($group.psbase.Invoke("Members"))

Now to output those members:

    $admins | foreach { $_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null) }

Adding is just as simple:
Get the domain group:

    $adgroup = [ADSI]"WinNT://domain/$admingroup"

Obviously you’ll have to change ‘domain’ to the fqdn of your domain. Next we get the local group, same as we did above:

    $localgroup = [ADSI]"WinNT://$server/Administrators"

Now we add the domain group to the local group:

    $localGroup.PSBase.Invoke("Add",$adgroup.PSBase.Path)

You can run them separately, but I tied it all together to come up with my script so it shows me which server it’s working on and lists local admins when it’s done.
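The listing and adding steps above can be combined so that each run also reports what ended up in the local Administrators group and flags anything outside an allowlist. This is an added example, not the author's Set-LocalAdmins.ps1; the function name, the -Domain and -Expected parameters, and the default allowlist are assumptions.

```powershell
# Added example: Set-LocalAdminsAudited, -Domain and -Expected are hypothetical names.
# CONTOSO, host1, host2 and ServerAdmins in the usage line are placeholders.
function Set-LocalAdminsAudited {
    param(
        [Parameter(Mandatory)][string[]]$Servers,
        [Parameter(Mandatory)][string[]]$AdminGroups,
        [Parameter(Mandatory)][string]$Domain,
        # Member names allowed in local Administrators besides $AdminGroups
        [string[]]$Expected = @('Administrator', 'Domain Admins')
    )
    $allowed = $Expected + $AdminGroups
    foreach ($server in $Servers) {
        $local  = [ADSI]"WinNT://$server/Administrators"
        $errors = @()
        foreach ($name in $AdminGroups) {
            try {
                # Same Add call as in the post. It throws when the group is already
                # a member or the server is unreachable, so record it and continue.
                $local.PSBase.Invoke("Add", "WinNT://$Domain/$name")
            } catch {
                $errors += "${name}: $($_.Exception.GetBaseException().Message)"
            }
        }
        $members = @()
        try {
            # ADsPath instead of Name, so the domain or machine scope stays visible
            $members = @(@($local.PSBase.Invoke("Members")) | ForEach-Object {
                $_.GetType().InvokeMember("ADsPath", 'GetProperty', $null, $_, $null)
            })
        } catch {
            $errors += "list: $($_.Exception.GetBaseException().Message)"
        }
        [pscustomobject]@{
            Server     = $server
            Members    = $members
            # Compare the last path segment (the account name) with the allowlist
            Unexpected = @($members | Where-Object { ($_ -split '/')[-1] -notin $allowed })
            Errors     = $errors
        }
    }
}

# Set-LocalAdminsAudited -Servers host1,host2 -AdminGroups ServerAdmins -Domain CONTOSO | Format-List
```

A non-empty Unexpected column on a freshly built server is worth investigating before the server goes into service.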

Servers and Admingroups are an array and can be specified like this:

    Set-LocalAdmins.ps1 -servers ("host1","host2","host3") -admingroups ("group1","group2","group3")

or

    Set-LocalAdmins.ps1 -servers host1 -admingroups group1

Here’s the script itself (don’t forget to change ‘domain’ on line 10 to the fqdn of your domain):