This is a quick post about a script that performs a specific action. There is no need to go through the background and workflows: you will either need to use this or you won't, simple.
This script targets the "Administrators" group, but you can change the code to target any local group if you have access to the server to make this change. It will then cycle through all the servers in $servers and add the domain group to the local Administrators group on each one.
Note : In this example we are adding the Domain group bear.local\Local-Administrators to the local group "Administrators"
Script : AddDomaintoAdmin.ps1
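# Adds a domain group to a local group on every server listed in $servers.
#
# Why this runs through Invoke-Command: "net localgroup ... /domain" does not
# act on a remote server. The /domain switch sends the operation to the domain
# controller of the current domain, so the change (and the membership check)
# would land on the domain's built-in Administrators group instead of on the
# servers in the list. Running the change inside a remote session on each
# server keeps it scoped to that server's local group.
#
# Requirements: PowerShell remoting (WinRM) enabled on the targets, the
# LocalAccounts cmdlets available there (Windows PowerShell 5.1 or later), and
# an account that is already a local administrator on each target.
#
# Operational notes: every member of $domainAccount gains full administrative
# rights on every listed server, so keep membership of that domain group
# tightly controlled and reviewed. With "Audit Security Group Management"
# enabled, each successful add is recorded on the target as Security event
# 4732, which is the event to alert on for unexpected changes.

# List of target servers
$servers = @(
    "bearwrk1.bear.local",
    "bearwrk2.bear.local",
    "bearwrk3.bear.local"
)

# Domain account to add
$domainAccount = "bear.local\Local-Administrators"

# Local group to modify on each target server
$localGroup = "Administrators"

foreach ($server in $servers) {
    Write-Host "`n=== Processing $server ===" -ForegroundColor Cyan

    # Test server connectivity first
    if (-not (Test-Connection -ComputerName $server -Count 1 -Quiet)) {
        Write-Host "Cannot reach $server - server appears to be offline" -ForegroundColor Red
        continue
    }

    # Test if we can access admin shares (indicates proper authentication)
    if (-not (Test-Path "\\$server\admin`$")) {
        Write-Host "Cannot access administrative shares on $server - possible authentication issue" -ForegroundColor Red
        continue
    }

    try {
        Write-Host "Checking $localGroup group membership on $server and adding $domainAccount if missing..." -ForegroundColor Gray

        # Everything in this script block executes on $server, so the check,
        # the add and the verification all see that server's local group.
        $outcome = Invoke-Command -ComputerName $server -ErrorAction Stop -ScriptBlock {
            $group  = $using:localGroup
            $member = $using:domainAccount

            # -Member lets the cmdlet resolve the account itself, which avoids
            # text-matching "domain\name" against formatted output (the
            # backslash is a regex escape, and listings may show the NetBIOS
            # domain name rather than the DNS name).
            if (Get-LocalGroupMember -Group $group -Member $member -ErrorAction SilentlyContinue) {
                return 'AlreadyMember'
            }

            Add-LocalGroupMember -Group $group -Member $member -ErrorAction Stop

            # Re-read the membership rather than trusting the add call alone
            if (Get-LocalGroupMember -Group $group -Member $member -ErrorAction SilentlyContinue) {
                return 'Added'
            }
            return 'Unverified'
        }

        switch ($outcome) {
            'AlreadyMember' {
                Write-Host "$domainAccount is already a member of $localGroup group on $server" -ForegroundColor Yellow
            }
            'Added' {
                Write-Host "Successfully verified $domainAccount addition to $localGroup group on $server" -ForegroundColor Green
            }
            default {
                Write-Host "Warning: Command appeared successful but unable to verify member in group on $server" -ForegroundColor Yellow
            }
        }
    }
    catch {
        Write-Host "Error processing $server`: $_" -ForegroundColor Red
        Write-Host "Full error details:" -ForegroundColor Red
        $_ | Format-List * -Force
    }
}

Write-Host "`nProcess complete. Please verify access on each server."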