Author Posts

December 13, 2016 at 3:10 pm


I am looking for a simple DSC script (using Group Resource) which can be used to add multiple AD groups in to local administrators on multiple servers. Could someone pls help

December 14, 2016 at 3:56 pm

Please see if below works for you in a test environment. You'll need to work with certificates to properly secure the credential password.

Configuration AddGroupMembers {

    param (



    Import-DscResource -ModuleName PSDesiredStateConfiguration -Name Group

    Node $AllNodes.NodeName { 
        Group AddGroupMembers {
            Ensure = 'Present'
            GroupName = $GroupName
            MembersToInclude = $MembersToInclude
            Credential = $Credential

$ConfigData = @{
    AllNodes = @(
            # the name of the target node
            NodeName = 'localhost'

            # This is not recommended, only for testing purposes. Replace with Thumbprint and CertificateFile after testing.
            PsDscAllowPlainTextPassword = $true

            # Suppress warning: It is not recommended to use domain credential ...
            PSDscAllowDomainUser = $true

$AddParams = @{
    GroupName = 'Event Log Readers'
    MembersToInclude = 'DOMAIN\my-group'
    Credential = (Get-Credential -Credential 'DOMAIN\admin user')
    ConfigurationData = $ConfigData
AddGroupMembers @AddParams

I hope that helps to get started. Additional details regarding the encryption can be found here:

The online documentation for the Group resource is here: