ADSI Script needed to add domain group to local group

[kev_147]

Guys,

Can anyone help me with a script. This is the scenario:

I am logged into a PC as local administrator and need to run a script that will go out to the domain and get a domain group called "ICT-Desktop Support" and add this group to the local administrators group.

I think I have to use some of the following code to authenticate on the domain:

Const ADS_SCOPE_SUBTREE = 2

Set objConnection = CreateObject("ADODB.Connection")

Set objCommand = CreateObject("ADODB.Command")

objConnection.Provider = "ADsDSOObject"

objConnection.Properties("User ID") = "fabrikam\kenmyer" ;change accordingly

objConnection.Properties("Password") = "A2sXrco1Fq1#om!" ;change accordingly

objConnection.Properties("Encrypt Password") = TRUE

objConnection.Properties("ADSI Flag") = 3

objConnection.Open "Active Directory Provider"

Set objCommand.ActiveConnection = objConnection

objCommand.Properties("Page Size") = 1000

objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

And some of the following code to add the group:

strComputer = "."

strLocalGroup = "Administrators"

strDomainGroup = "ICT-Desktop Support"

'Look up local group.

Set objLocalGroup = GetObject("WinNT://" & strComputer & "/" & strLocalGroup & ",group")

' Look up Domain group to be checked against local group.

Set objDomainGroup = GetObject( "WinNT://" & strDomain & "/" & strDomainGroup & ",group")

'Check if domain group already a member.

If not objLocalGroup.IsMember(objDomainGroup.AdsPath) Then

'Add domain group to local group.

objLocalGroup.Add(objDomainGroup.AdsPath)

Else

End If

But I am not sure howto put them together. Can anyone help me please???

[allen2]

Why not simply do a batch:

net localgroup administrators "fabrikam\ICT-Desktop Support" /add

[kev_147]

If that works logged on as just a local administrator and not being authenticated into the domain at all then great.

Could someone assist in getting that command to work in vbscript please. I have this so far, but it isn't working. The reason I want it in vbscript is because this is only a small part of something that is embedded in a hta file using vbscript.

Set WshShell = WScript.CreateObject("WScript.Shell")

net1 = "net localgroup administrators "

net2 = "cos.sunderland.local\ICT-Desktop Support"

net3 = " /add"

wscript.echo net1

wscript.echo net2

wscript.echo net3

wscript.echo net1 & net2 & net3

WshShell.Run(net1 & net2 & net3)

Thanks in advance guys

[gunsmokingman]

Try this change to meet your needs

Dim Act : Set Act = CreateObject("Wscript.Shell")
   Act.Run("%Comspec% /c net localgroup administrators ""fabrikam\ICT-Desktop Support"" /add"), 0, True

[kev_147]

I done it like this in the end.

Thanks for pointing me in the right direction gsh.

'---------------------------------------------------------------------

Dim Act, strDomain, strDomainGroup

On Error Resume Next

Set Act = CreateObject("Wscript.Shell")

strDomain = Chr(34) & "COS.Sunderland.Local"

strDomainGroup = "\ICT-Desktop Support" & Chr(34)

Act.Run("%Comspec% /c net localgroup administrators " & strDomain & strDomainGroup & " /add"), 0, True

'---------------------------------------------------------------------

[gunsmokingman]

Your welcome and glad I could help.

[kev_147]

Does anyone know why this command is only pulling through the SID of the group and not the actual name?

I am running this script at the same time as joining the PC to the domain and before a reboot.

Don't worry guys, I think I have worked it out. It is because I am joining the PC to the root domain.

Am just about to test joining the PC to the normal domain name instead to see if that works.