≡ Menu

Add domain group to local administrators

Do you want to add a domain group to local administrators group? We can do this from CMD using ‘net localgroup’ command. In corporate network, IT administrators would like to have ability to manage all Windows computers connected to the network. This can be accomplished by having an active directory group with all administrators domain accounts added to it and then add this group to the local admin group on each of the host. This avoids adding each of the users separately to the local group.

How to add domain group to local administrators group

  1. Open elevated command prompt
  2. Run the command
    net localgroup administrators domainName\domainGroupName /ADD

Example:

C:>net localgroup administrators corpdomain\IT-Admins /ADD
The command completed successfully.
C:\>

The above command can be verified by listing all the members of the local admin group.

C:\>net localgroup administrators
Alias name     administrators
Comment        Administrators have complete and unrestricted access to the computer/domain

Members
-------------------------------------------------------------------------------
Administrator
corpdomain\Domain Admins
corpdomain\IT-Admins
corpdomain\user1
The command completed successfully.

Do you need to have admin privileges on the domain controller to run the above command? No, you only need to have admin privileges on the local computer. This only grants access on the local computer resources, so no domain privileges required.

2 comments… add one
  • Erik

    C:\Windows\system32>net localgroup “Remote Desktop Users” “FMHO\Domain Users” /add
    There is no such global user or group: “FMH0\Domain.

    There is no such global user or group: Users”.

    -So-

    C:\Windows\system32>net localgroup “Remote Desktop Users” FMH0\”Domain Users” /add
    The syntax of this command is:

    NET LOCALGROUP
    [groupname [/COMMENT:”text”]] [/DOMAIN]
    groupname {/ADD [/COMMENT:”text”] | /DELETE} [/DOMAIN]
    groupname name […] {/ADD | /DELETE} [/DOMAIN]

    -so-

    C:\Windows\system32>net localgroup “Remote Desktop Users” “Domain Users” /add /FMH0.local
    The option /FMH0.LOCAL is unknown.

    The syntax of this command is:

    NET LOCALGROUP
    [groupname [/COMMENT:”text”]] [/DOMAIN]
    groupname {/ADD [/COMMENT:”text”] | /DELETE} [/DOMAIN]
    groupname name […] {/ADD | /DELETE} [/DOMAIN]

Leave a Comment