Public/ActiveDirectory/Add-ToLocalGroup.ps1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
function Add-ToLocalGroup {
    <#
    .SYNOPSIS
    Adds a user or a group to local administrators of a remote computer

    .PARAMETER ComputerName
    Destination computer name where to add user or group (Identity parameter).

    .PARAMETER Group
    Destination local group the Identity should be added to.

    .PARAMETER DomainName
    Domain name - required for user/group string creation. Can be a workgroup or local computer name instead of domain name.

    .PARAMETER Type
    Type of identity to add - user or group.

    .PARAMETER Identity
    Identity of a user/group to add. Provide samaccountname

    .EXAMPLE
    This will add 'someuser' to 'somecomputer' as local administrator for default domain Objectivity
    Add-ToLocalGroup -ComputerName 'somecomputer' -Group Administrators -Type User -Identity 'someuser'
    #>


    [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidDefaultValueForMandatoryParameter', '')]
    [CmdletBinding()]
    [OutputType([void])]
    param(
        [Parameter(Mandatory=$true,HelpMessage='Destination Computer name')]
        [string[]]
        $ComputerName='localhost',

        [Parameter(Mandatory=$true,HelpMessage='Local Group to add Identity to')]
        [string]
        $Group,

        [Parameter(Mandatory=$false,HelpMessage='Domain or workgroup name')]
        [string]
        $DomainName,

        [Parameter(Mandatory=$true,HelpMessage='Type of Identity to add')]
        [ValidateSet('User', 'Group')]
        [string]
        $Type,

        [Parameter(Mandatory=$true,HelpMessage='Identity to add')]
        [string]
        $Identity
   )

    $LocalGroup = [ADSI]"WinNT://$ComputerName/$Group,group"
    if ($Type -eq 'Group') {
        $addgroup = [ADSI]"WinNT://$DomainName/$Identity,group"
        $LocalGroup.Add($addgroup.Path)
    }
    elseif ($Type -eq 'User') {
        $addUser = [ADSI]"WinNT://$DomainName/$Identity,user"
        $LocalGroup.Add($addUser.Path)
    }
    Write-Log -Info "Added {$Identity} Type {$Type} to local group {$Group} on {$Computername}"
}