Add domain group to local computer administrators command line

Question

Is it possible to add domain group to local group via command line?

I can add specific users or domain users, but not a group. I would prefer to stick with a command line, but vbscript might be okay. We are looking for a solution that doesn't involve GPOs because this is just for a couple of rooms on our campus and just once.

net localgroup "Administrators" "myDomain\Username" /add

works but

net localgroup "Administrators" "myDomain\Local Computer Administrators" /add

doesnt

score 5 · Accepted Answer · answered Oct 13 '14 at 14:18

net localgroup seems to have a problem if the group name is longer than 20 characters. You can try shortening the group name, at least to verify that character limitation. By the way, net localgroup uses the pre-Windows 2000 name of the group, the sAMAccountName AD attribute.

I would still recommend that you use GPO for this, as it will be easier to add the group to the local Administrators group, especially since you won't have to rename your group. Also, it will be easier to remove the domain group from the local group once the need has passed.

score 0 · Answer 2 · answered Jan 14 '22 at 16:45

I know you asked for commandline but you can do this with powershell quite simply (win2016 and later)

Add-LocalGroupMember -Group administrators -member domain\user

if you want to do this via commandline explicitly, you can wrap this in a commandline by calling powershell with this command:

powershell -command "Add-LocalGroupMember -Group administrators -member domain\user"

score 0 · Answer 3 · answered Dec 07 '22 at 07:58

To add a domain user, This is the format

net localgroup "GroupName" "Username" /add "Domain"

The Syntax on Command line is:

NET LOCALGROUP
[groupname [/COMMENT:"text"]] [/DOMAIN]
              groupname {/ADD [/COMMENT:"text"] | /DELETE}  [/DOMAIN]
              groupname name [...] {/ADD | /DELETE} [/DOMAIN]

score 0 · Answer 4 · answered Jan 18 '24 at 12:05

As net localgroup suffers from a 20 character limit on group names, I would recommend using Powershell for this. Using the example you provided, enter:

Add-LocalGroupMember -Group "Administrators" -Member "myDomain\Local Computer Administrators"

_{Note Add-LocalGroupMember uses the built-in PowerShell module, Microsoft.PowerShell.LocalAccounts. The module is available on Windows Server 2016 and Windows 10 and newer versions. This module is installed with the Windows Management Framework 5.1 in earlier versions of Windows when you upgrade your PowerShell version.}

score -1 · Answer 5 · answered Oct 13 '14 at 14:41

-1

Add the group to the Administrators group by going to

control userpasswords2

and then press the Add button.

Or, use

lusrmgr.msc

answered Oct 13 '14 at 14:41

EdG

614
1
5
17

Add domain group to local computer administrators command line

5 Answers5