Powershell one-liner to add domain user to a local group

I'm looking for a one liner that can be typed in to add a domain user to a local group.  I know it can be done using net.exe but with the trend to move admin controls to powershell I doubt net.exe will be around much longer.  (It has issues with multiple domains anyway.)

So I'm looking for a powershell equivalent to this:

   net localgroup administrators /add DomainA\User1

v3 for Win8/2012 is fine, this is for new stuff.

I've seen a 2004 blog post for a script to do this but I'm looking for a oneliner about the size of the net command.

Thanks!

September 21st, 2012 11:32pm

I don't think you're going to be fortunate to get that short of a command for local groups in PowerShell, but I could be wrong.  Technically speaking there is nothing "wrong" with running "net localgroup administrators /add DomainA\User1" from within PowerShell.  You could get fancier and literally pass that command to Invoke-Expression, but I get that's not what you are after.

A little newer Hey, Scripting Guy! Blog post might be what you are after: "Use PowerShell to Add Domain Users to a Local Group"

However, he only gets it down to 2 lines of code:

$de = [ADSI]"WinNT://$computer/$Group,group" 
$de.psbase.Invoke("Add",([ADSI]"WinNT://$domain/$user").path)

Someone might be able to wrap that into a single line, but that might be as short as it gets in this case right now.

  • Marked as answer by StefMahoney Tuesday, September 25, 2012 9:40 PM
September 22nd, 2012 12:12am

There's another post by Ed here.

I wouldn't be concerned with one liners. This can easily be made into a function so you can call it by a simple one liner.

example:

Add-UserToLocalGroup -User barnesa -LocalGroup Administrators


September 22nd, 2012 12:41am

To add to Andrew's excellent post I suggest looking in the repository as there are numerous scripts there that will do this.

http://technet.microsoft.com/en-us/scriptcenter/dd793612.aspx

And I am lobbying for users to look first into the repository because you will find much to use and will like what you find.  Forgive me for my crassness but I failed "Marketing 101".  It put me to sleep.

September 22nd, 2012 1:51am

Andrew, where can I find this function Add-UserToLocalGroup? Do I need some module import?

http://www.petri.co.il/managing-local-user-accounts-with-powershell.htm

http://gallery.technet.microsoft.com/Local-Account-Management-a777191b

September 22nd, 2012 7:16pm

What Andrew meant was that you could wrap this code in a function:

$de = [ADSI]"WinNT://$computer/$Group,group"
$de.psbase.Invoke("Add",([ADSI]"WinNT://$domain/$user").path)

You would need to pass it at least three parameters: Computer, Group, and User.  The domain could be hard-coded.

September 23rd, 2012 10:34am

I need to read with more attention...  "This can easily be made into a function "
September 23rd, 2012 2:39pm

Cheers all:

A one liner to the rescue:

# use one line to add a user to a local group
([ADSI]"WinNT://$computer/$Group,group").psbase.Invoke("Add",([ADSI]"WinNT://$domain/$user").path)
#
#

Of course we can cheat a bit and write a function all on one line (it is not really a one-liner ;) )

# a function all on one line
function Add-LocalUser{Param($computer=$env:computername,$group='Guests',$userdomain=$env:userdomain,$username=$env:username)([ADSI]"WinNT://$computer/$group,group").psbase.Invoke("Add",([ADSI]"WinNT://$userdomain/$username").path)}
#
#
#


Of course making this readable is always preferred.

function Add-LocalUser{
    Param(
        $computer=$env:computername,
        $group='Guests',
        $userdomain=$env:userdomain,
        $username=$env:username
    )
    # Build the member path from the declared parameters ($userdomain/$username)
    ([ADSI]"WinNT://$computer/$group,group").psbase.Invoke("Add",([ADSI]"WinNT://$userdomain/$username").path)
}

It is also really easy now to add help.  Just add one single line and you will get:
     help Add-LocalUser
     Add-LocalUser -?
     -debug,
     -verbose,
     -erroraction,
     -errorvariable,
     -warningaction,
     -warningvariable,
     -outvariable,
     -outbuffer

And much much more.

All this for one very simple line of code added to a function. (?one line?)

September 23rd, 2012 7:50pm

Nicely done, JRV. Coming up with one-liner solutions is a bit of a challenge; however, using them is even more of a challenge, and usually more work, more typing, and more chance of error than embedding the code in a function that *is* easier to invoke with a one-liner command.

September 23rd, 2012 8:17pm

Al - yes - One-liners are nice at the console, I use them all of the time.  When one-liners are too complicated they can be counterproductive and, as you noted, prone to errors that are difficult to analyse.

September 23rd, 2012 8:58pm

Thanks guys.

This is for a server just a few seconds after it has an IP address, so I don't have the option of using prebuilt code since everything has to be new off the disc.  Sounds like something for MS to consider including in their commandlets.

Thanks!

September 26th, 2012 12:42am

I don't think you're going to be fortunate to get that short of a command for local groups in PowerShell, but I could be wrong.  Technically speaking there is nothing "wrong" with running "net localgroup administrators /add DomainA\User1" from within PowerShell.  You could get fancier and literally pass that command to Invoke-Expression, but I get that's not what you are after.

A little newer Hey, Scripting Guy! Blog post might be what you are after: "Use PowerShell to Add Domain Users to a Local Group"

However, he only gets it down to 2 lines of code:

$de = [ADSI]"WinNT://$computer/$Group,group" 
$de.psbase.Invoke("Add",([ADSI]"WinNT://$domain/$user").path)

Someone might be able to wrap that into a single line, but that might be as short as it gets in this case right now.


Nice two-liner. See jrv's one-liner version.
September 26th, 2012 7:12am

I wrote mine like this, Just fill in your info and remove mine from the variables at the top..

It can be put into one line but I spread it out for easy reading and I am putting in about 40 of these in a row to add the same SQL Repl User into multiple SQL Security Groups.  Works like a charm! 

Thanks

WarParty

# use one line to add a user to a local group
$Computer = 'ExpressScriptsSQL33'

$Group = 'VHAWarSQLP'

$Domain = 'FQDN.WarParty.Com'

$User = 'DIT_SQLReplSvc'

([ADSI]"WinNT://$computer/$Group,group").psbase.Invoke("Add",([ADSI]"WinNT://$domain/$user").path)
#

May 7th, 2014 10:31am

could someone be so kind and add a loop to reference a machine.txt?
July 17th, 2014 10:54am

could someone be so kind and add a loop to reference a machine.txt?

No.  This thread is closed and answered.

July 17th, 2014 10:57am

Function add-Localuser {
    [cmdletbinding()]
    Param (
        $Computer = '',
        $Group = 'Administrators',
        $Domain = 'SomeDomain.org',
        $User = 'SomeUserID'
    )
    ([ADSI]"WinNT://$computer/$Group,group").psbase.Invoke("Add",([ADSI]"WinNT://$domain/$user").path)
}

# Use one of these methods to get server names... Comment/uncomment whichever
# is preferred. Also make sure to pass/hard set the domain/user/group.
$machines = Get-Content C:\temp\MyServers.txt
# $machines = "MyServer0","MyServer1","MyServer2","MyServer3"

foreach ($m in $machines) { add-Localuser -computer $m }

# You can also change the "Add" in the function to "Remove" or add a
# parameter to pass it as a value.

February 5th, 2015 6:51am
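
A hardened take on the function-plus-loop approach from the posts above, as an added example that is not code from any poster in this thread: it validates the names before they are interpolated into the ADsPath, skips accounts that are already members (using the IADsGroup IsMember method), supports -WhatIf, and returns one record per host for a change log. The function name, sample host names and CSV path are hypothetical.

```powershell
# Added example. Add-DomainUserToLocalGroup, the host names and the CSV path are
# hypothetical; the WinNT "Add" call is the same one used earlier in the thread.
function Add-DomainUserToLocalGroup {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true, ValueFromPipeline = $true)]
        [ValidatePattern('^[A-Za-z0-9._-]+$')]
        [string]$Computer,

        # Reject characters that act as separators inside an ADsPath.
        [Parameter(Mandatory = $true)][ValidatePattern('^[^/\\,"]+$')][string]$Group,
        [Parameter(Mandatory = $true)][ValidatePattern('^[^/\\,"]+$')][string]$Domain,
        [Parameter(Mandatory = $true)][ValidatePattern('^[^/\\,"]+$')][string]$User
    )
    process {
        $member = "WinNT://$Domain/$User"   # same string as ([ADSI]...).path
        $status = 'Unknown'; $detail = $null
        try {
            $g = [ADSI]"WinNT://$Computer/$Group,group"
            if ($g.psbase.Invoke('IsMember', $member)) {
                $status = 'AlreadyMember'   # idempotent: no second Add, no error
            }
            elseif ($PSCmdlet.ShouldProcess("$Computer\$Group", "Add $Domain\$User")) {
                $g.psbase.Invoke('Add', $member)
                $status = 'Added'
            }
            else { $status = 'Skipped' }    # -WhatIf or declined -Confirm
        }
        catch {
            # Unreachable host, unknown group or account, access denied, ...
            $status = 'Failed'; $detail = $_.Exception.Message
        }
        # One record per host, so the run can be reviewed afterwards.
        [pscustomobject]@{
            Time = Get-Date; Computer = $Computer; Group = $Group
            Member = "$Domain\$User"; Status = $status; Detail = $detail
        }
    }
}

# Constructed sample input; replace with Get-Content on your own server list.
# -WhatIf makes this a dry run; remove it to apply the change.
$machines = 'MyServer0', 'MyServer1'
$machines |
    Add-DomainUserToLocalGroup -Group 'Administrators' -Domain 'DomainA' -User 'User1' -WhatIf |
    Export-Csv -NoTypeInformation -Path .\localgroup-changes.csv
```

With Audit Security Group Management enabled, each successful add also appears on the target as Security event 4732, which the CSV can be reconciled against.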

A little late reply, I know.  You could wrap this into an invoke-command.

invoke-command -computername $computer -scriptblock {net localgroup administrators /add DomainA\User1}

Kind of cheating, but gets the job done in one line :)

August 10th, 2015 7:12pm

This topic is archived. No further replies will be accepted.
