Hello all,

I've been reading this Scripting Guy article on discovering users in your computer's local Administrator's group, and I have chosen the method that uses the .NET framework class System.DirectoryServices.AccountManagement.IdentityType:

Add-Type -AssemblyName system.directoryservices.accountmanagement

$ContextType = [System.DirectoryServices.AccountManagement.ContextType]::Machine

$LocalMachineContext = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext -ArgumentList $ContextType, $env:COMPUTERNAME

$IdentityType = [System.DirectoryServices.AccountManagement.IdentityType]::SamAccountName

$LocalAdministratorsGroup = [System.DirectoryServices.AccountManagement.GroupPrincipal]::FindByIdentity($LocalMachineContext, $IdentityType, "Administrators")

$LocalAdministratorsGroup.Members

This works great for discovering Local users. My question is, using the above class, I can't seem to find a way to add/remove any of the users that I found from the Local group. Is there a way using the .NET framework class above to add/remove members of a Local group on your computer, or will I need to use another approach (like using the [ADSI] accelerator or something)?

• Edited by KentYeabower Tuesday, July 21, 2015 8:36 PM