Adding Account on Remote Local Administrator Groups

    by srothman at 2013-04-01 04:17:29

    Hi all,

    New here, stumbled across this when looking for a solution for a script I am working on, but I can see I'll be spending a lot of time here, hopefully contributing to the forum. For today, though, I need some help.

    I am looking for a way to add a specific AD Group, and a specific AD service account to the local Administrators group of several servers (mostly virtual servers, not that it should matter). At the moment I have a script that imports a CSV file with server information that I use to automate the build of the specific servers. I would like to use the same CSV and import it with a script to add a global group, and a server-specific username to each server.

    Up to now, I've been able to accomplish this on a single remote server with the information specified in the script, i.e. not imported from the CSV. This is where I have the challenge. The CSV format looks like this:

    vmname,vmpath,vmhost,vmtemplate,vmmemory,vmcpu,vmhostname, vmsvcacc
    Server01,c:\clusterstorage\volume1,HyperV-01,SRV2K8R2SP1_STD,16384,4,Server01, server01svc
    Server02,c:\clusterstorage\volume2,HyperV-02,SRV2K8R2SP1_STD,16384,4,Server02, server02svc

    The script I have that actually works when I run it against a single server looks like this:

    $Domain = "corp"
    $Computer = "Server01"
    $egsgroup = "Group01"
    $Username = "Server01svc"

    # Bind to the local Administrators group on the computer.
    $Group = [ADSI]"WinNT://$Computer/Administrators,group"

    # Bind to the domain group.
    $egsgroup = [ADSI]"WinNT://$Domain/$egsgroup,group"

    # Bind to the domain user.
    $User = [ADSI]"WinNT://$Domain/$Username,user"

    # Add the egsgroup to the group.
    $Group.Add($egsgroup.Path)

    # Add the domain user to the group.
    $Group.Add($User.Path)

    When running this, the "corp\Server01svc" service account and the "corp\Group01" group are both added to the local Admins group on server "Server01". Perfect!

    What I would like to achieve is for this script to be executed against a list of servers imported from CSV, as per the example above, and that each server will get the service account associated with the particular hostname, i.e. Server01 will get service account server01svc, Server02 will get the service account server02svc, etc. The group "Group01" needs to be added to all the servers and doesn't change. I've tried changing the script around that I'm using to build the actual VMs, which looks like this...

    $servers = Import-Csv D:\servers.csv

    foreach ($serverobjects in $servers) {

    New-SCVirtualMachine -Name $serverobjects.vmname -path $serverobjects.vmpath -host $serverobjects.vmhost -template $serverobjects.vmtemplate -MemoryMB $serverobjects.vmmemory -CPUCount $serverobjects.vmcpu -ComputerName $serverobjects.vmhostname -RunAsynchronously

    }

    ...but I haven't been able to get it to work.

    Any suggestions on how I will be able to achieve this are very welcome.

    Thanks

    Sebastian

    by coderaven at 2013-04-01 09:15:10

    That should work fine.

    Function Add-ServerLocalAdmins
    {
        Param (
            $Domain, $Computer, $egsgroup, $Username
        )
        try {
            # Bind to the local Administrators group on the computer.
            $Group = [ADSI]"WinNT://$Computer/Administrators,group"
            # Bind to the domain group.
            $egsgroup = [ADSI]"WinNT://$Domain/$egsgroup,group"
            # Bind to the domain user.
            $User = [ADSI]"WinNT://$Domain/$Username,user"
            # Add the egsgroup to the group.
            $Group.Add($egsgroup.Path)
            # Add the domain user to the group.
            $Group.Add($User.Path)
        }
        catch
        { write-host "Error working on computer $computer" }
    }

    $servers = Import-Csv D:\servers.csv

    $Servers | foreach-object { Add-ServerLocalAdmins -Domain $_.Domain -Computer $_.Name -EGSGroup $_.Group -UserName $_.ServiceAccount }

    This is just an example, finish the function by adding proper error handling, verbose message, etc. Then integrate it into your process.

    Let me know if you have any further questions.
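
A CSV-driven variant of the function above, wired to the column names in the CSV from the first post (vmhostname, vmsvcacc); this is an added example, not code posted by either participant. It skips principals that are already members, returns one record per server and principal as a change log, and supports -WhatIf; the function name, the status values and the IsMember pre-check are assumptions of this example.

```powershell
# Added example, not code from the thread. Add-LocalAdminFromCsv is a
# hypothetical name; 'corp' and 'Group01' are the values from the first post.
function Add-LocalAdminFromCsv {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string[]]$CsvLines,
        [string]$Domain = 'corp',
        [string]$GroupName = 'Group01'
    )
    # The posted CSV has a space after the last comma; strip whitespace around
    # delimiters so the last column is addressable as vmsvcacc.
    $servers = $CsvLines -replace '\s*,\s*', ',' | ConvertFrom-Csv

    foreach ($server in $servers) {
        $computer = $server.vmhostname
        # Group01 goes on every server; the service account comes from the row.
        foreach ($principal in @($GroupName, $server.vmsvcacc)) {
            $result = New-Object PSObject -Property @{
                Computer = $computer; Principal = "$Domain\$principal"; Status = 'NotAttempted'
            }
            if ($PSCmdlet.ShouldProcess($computer, "Add $Domain\$principal to Administrators")) {
                try {
                    $admins = [ADSI]"WinNT://$computer/Administrators,group"
                    $path = "WinNT://$Domain/$principal"
                    if ($admins.psbase.Invoke('IsMember', $path)) {
                        $result.Status = 'AlreadyMember'   # idempotent re-run
                    } else {
                        [void]$admins.psbase.Invoke('Add', $path)
                        $result.Status = 'Added'
                    }
                } catch {
                    $result.Status = "Failed: $($_.Exception.Message)"
                }
            }
            $result   # one record per server and principal, usable as a change log
        }
    }
}

# CSV rows as posted in the thread, embedded so the dry run needs no file.
$csv = @(
    'vmname,vmpath,vmhost,vmtemplate,vmmemory,vmcpu,vmhostname, vmsvcacc'
    'Server01,c:\clusterstorage\volume1,HyperV-01,SRV2K8R2SP1_STD,16384,4,Server01, server01svc'
    'Server02,c:\clusterstorage\volume2,HyperV-02,SRV2K8R2SP1_STD,16384,4,Server02, server02svc'
)
# -WhatIf reports what would change without contacting any server.
Add-LocalAdminFromCsv -CsvLines $csv -WhatIf
```

Dropping -WhatIf and piping the output to Export-Csv keeps a record of which privileged memberships were actually changed on which server.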

    by srothman at 2013-04-01 13:42:54

    Oh my gosh, thank you so much. With a little bit of tweaking that worked perfectly!

    If I may pick your brain, do I understand the script correctly:

    You create a new function called "Add-ServerLocalAdmins".
    You then define the variables in the "Param" block.
    You then import the CSV as the "$Servers" array (?)
    Execute the created function against each object in the array using "foreach-object".

    Again, thank you very much.

    by coderaven at 2013-04-01 14:09:31

    Correct.
