<#
.SYNOPSIS
Script to add an AD User or group to the Local Administrator group
.DESCRIPTION
The script can use either a plaintext file or a computer name as input and will add the trustee (user or group) as an administrator to the computer
.PARAMETER InputFile
A path that contains a plaintext file with computer names
.PARAMETER Computer
This parameter can be used instead of the InputFile parameter to specify a single computer or a series of
computers using a comma-separated format
.PARAMETER Trustee
The SamAccount name of an AD User or AD Group that is to be added to the Local Administrators group
.NOTES
Name: Set-ADAccountasLocalAdministrator.ps1
Author: Jaap Brasser
Version: 1.1.1
DateCreated: 2012-09-06
DateUpdated: 2015-11-12
.LINK
http://www.jaapbrasser.com
.EXAMPLE
.\Set-ADAccountasLocalAdministrator.ps1 -Computer Server01 -Trustee JaapBrasser
Description:
Will set the JaapBrasser account as a Local Administrator on Server01
.EXAMPLE
.\Set-ADAccountasLocalAdministrator.ps1 -Computer 'Server01,Server02' -Trustee Contoso\HRManagers
Description:
Will set the HRManagers group in the contoso domain as Local Administrators on Server01 and Server02
.EXAMPLE
.\Set-ADAccountasLocalAdministrator.ps1 -InputFile C:\ListofComputers.txt -Trustee User01
Description:
Will set the User01 account as a Local Administrator on all servers and computernames listed in the ListofComputers file
#>
param(
    # Path to a plaintext file with computer names; belongs to the 'InputFile' parameter set.
    [Parameter(ParameterSetName='InputFile')]
    [string] $InputFile,

    # A single computer name or a comma-separated list; belongs to the 'Computer' parameter set.
    [Parameter(ParameterSetName='Computer')]
    [string] $Computer,

    # SAM account name (or DOMAIN\name) of the user or group to add; available in both sets.
    [string] $Trustee
)
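<#
.SYNOPSIS
Function that resolves a SAM account name in AD and can exit the script if resolution fails
.DESCRIPTION
Runs an LDAP search for (samaccountname=<name>) through [adsisearcher] and returns the
samaccountname property of the first match. LDAP filter metacharacters in the name are escaped
(RFC 4515) so a value such as 'adm*' is looked up literally and cannot resolve to, and later
grant rights to, a different account than the one that was typed.
.PARAMETER SamAccount
The SAM account name to look up
.PARAMETER Exit
When $true the script exits if the account cannot be found
#>
function Resolve-SamAccount {
    param(
        [string]
        $SamAccount,
        [boolean]
        $Exit
    )
    process {
        # Escape the backslash first so the escapes added afterwards are not escaped again.
        $EscapedName = $SamAccount -replace '\\', '\5c'
        $EscapedName = $EscapedName -replace '\*', '\2a'
        $EscapedName = $EscapedName -replace '\(', '\28'
        $EscapedName = $EscapedName -replace '\)', '\29'
        $EscapedName = $EscapedName -replace '\x00', '\00'

        try
        {
            # Search on the function's own parameter rather than the script-scope $Trustee,
            # so the lookup and the warning below always refer to the same name.
            $ADResolve = ([adsisearcher]"(samaccountname=$EscapedName)").findone().properties['samaccountname']
        }
        catch
        {
            # FindOne() returns nothing when there is no match, which makes the property
            # access above throw; treat any failure as "not found".
            $ADResolve = $null
        }

        if (!$ADResolve) {
            Write-Warning "User `'$SamAccount`' not found in AD, please input correct SAM Account"
            if ($Exit) {
                exit
            }
        }

        $ADResolve
    }
}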
# Ask for the trustee interactively when it was not supplied as a parameter.
if (-not $Trustee) {
    $Trustee = Read-Host "Please input trustee"
}

# Turn the trustee into the WinNT:// path that the group Add() call expects.
if ($Trustee -match '\\') {
    # DOMAIN\name form: the two parts are taken as typed. This branch does not look the
    # account up in AD, so a mistyped domain or name only surfaces when Add() fails.
    $TrusteeParts   = $Trustee -split '\\'
    $ADResolved     = $TrusteeParts[1]
    $DomainResolved = $TrusteeParts[0]
    $Trustee        = "WinNT://$DomainResolved/$ADResolved"
} else {
    # Bare name: confirm it exists in AD (the script exits if it does not) and qualify it
    # with the domain of the user running the script.
    $ADResolved = Resolve-SamAccount -SamAccount $Trustee -Exit:$true
    $Trustee    = "WinNT://${env:userdomain}/$ADResolved"
}
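# Add $Trustee to the local Administrators group of every target computer.
# NOTE(review): the change is applied without a confirmation prompt or -WhatIf support, so the
# target list (and who is able to edit $InputFile) should be reviewed before the script is run.
if (!$InputFile) {
    if (!$Computer) {
        $Computer = Read-Host "Please input computer name"
    }

    # Trim every entry and drop empty ones, so 'Server01, Server02' or a trailing comma does
    # not end up as a malformed WinNT:// path.
    $ComputerList = @($Computer.Split(',') | ForEach-Object { $_.Trim() } | Where-Object { $_ })

    foreach ($ComputerName in $ComputerList) {
        # The computer name is also written to the output stream, as the original script did.
        $ComputerName
        Write-Host "Adding `'$ADResolved`' to Administrators group on `'$ComputerName`'"
        try {
            ([ADSI]"WinNT://$ComputerName/Administrators,group").add($Trustee)
            Write-Host -ForegroundColor Green "Successfully completed command for `'$ADResolved`' on `'$ComputerName`'"
        } catch {
            # Inside catch, $_ is the error record for the failed Add() call.
            Write-Warning "$_"
        }
    }
}
else {
    # Require an existing file; a directory path would pass a plain Test-Path and then fail
    # in Get-Content.
    if (!(Test-Path -Path $InputFile -PathType Leaf)) {
        Write-Warning "Input file not found, please enter correct path"
        exit
    }

    # Blank lines and surrounding whitespace in the file are ignored.
    $ComputerList = @(Get-Content -Path $InputFile | ForEach-Object { $_.Trim() } | Where-Object { $_ })

    foreach ($ComputerName in $ComputerList) {
        Write-Host "Adding `'$ADResolved`' to Administrators group on `'$ComputerName`'"
        try {
            ([ADSI]"WinNT://$ComputerName/Administrators,group").add($Trustee)
            Write-Host -ForegroundColor Green "Successfully completed command"
        } catch {
            # Inside catch, $_ is the error record for the failed Add() call.
            Write-Warning "$_"
        }
    }
}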