PowerShell to add a user to a group on remote machines

Problem:
A new Developer is brought on board and needs access to the ULS logs on 10 different machines.

2 part solution:
Part 1:
This only has to be done once, so I did this manually. A PowerShell script would be great for this, but I don’t have one – Sorry!

  • Create a local group on each server called “LogReaders”
  • Share the ULS logs folder on each server
  • Grant the “LogReaders” group “read” permission in both the share permissions and the NTFS permissions of the ULS log folder

Part 2:
Use the following script, updating the values to match your environment.
Run the script as needed, each time a new developer needs access to the log folders.

#AddUserToLogs.ps1
#this script is an adaptation of a forum post by jrv: http://social.technet.microsoft.com/Forums/en-US/ITCG/thread/35b8022e-7c0e-49fb-b4c7-346b83ed3fd0/
#jrv (http://social.technet.microsoft.com/profile/jrv/?ws=usercard-mini) provided the function Add-LocalUser
# I added the wrapper to make it work for my needs
function main {

	$user = "userIDneededtobeadded"
	$domain = "yourdomain"
	$Group = "LogReaders"
	$computers = @("computername1", "computername2", "computername3", "etc..")

	foreach ($Computer in $Computers) {
		write-host $computer -foregroundcolor green
		Add-LocalUser -Computer $Computer -group $group -userdomain $domain -username $user
	}
}

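# Adds the domain account $userdomain\$username to the local group $group on $computer
function Add-LocalUser{
     Param(
        $computer=$env:computername,
        $group="LogReaders",
        $userdomain=$env:userdomain,
        $username=$env:username
    )
        # Build the member path from this function's parameters, not from variables in the caller's scope
        ([ADSI]"WinNT://$computer/$Group,group").psbase.Invoke("Add",([ADSI]"WinNT://$userdomain/$username").path)
}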

main
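
To confirm the change took effect, and to review who currently has access to the logs, the same ADSI WinNT provider can list the group's members on each server. This is an added example, not part of the original post or jrv's function; the function name Get-LogReaderMembers and the computer names are assumptions.

```powershell
# Added example: list the members of a local group on each server.
# Get-LogReaderMembers is a hypothetical name; computer names are placeholders.
function Get-LogReaderMembers {
    Param(
        [string[]]$Computers = @($env:computername),
        [string]$Group = "LogReaders"
    )
    foreach ($computer in $Computers) {
        try {
            $adsiGroup = [ADSI]"WinNT://$computer/$Group,group"
            # Members() returns COM objects; read ADsPath through reflection
            $members = @($adsiGroup.psbase.Invoke("Members")) | ForEach-Object {
                $_.GetType().InvokeMember("ADsPath", "GetProperty", $null, $_, $null)
            }
            if (-not $members) { $members = @("(no members)") }
            foreach ($path in $members) {
                New-Object PSObject -Property @{
                    Computer = $computer
                    Group    = $Group
                    Member   = ($path -replace '^WinNT://', '')
                    Status   = "OK"
                }
            }
        }
        catch {
            # Unreachable server, missing group, or access denied: report it, keep going
            New-Object PSObject -Property @{
                Computer = $computer
                Group    = $Group
                Member   = $null
                Status   = "ERROR: $($_.Exception.Message)"
            }
        }
    }
}

$computers = @("computername1", "computername2", "computername3")
Get-LogReaderMembers -Computers $computers |
    Select-Object Computer, Group, Member, Status |
    Format-Table -AutoSize
```

Running it periodically also shows accounts that should be removed from the group once a developer no longer needs the logs.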
