AD UDF - _AD_AddGroupToGroup question

blumi · December 10, 2020

Hi,

I want to use the AD UDF to add a group from the domain into a local group of my pc.

I want to use _AD_AddGroupToGroup($sTarget, $sObject) for this.

I am not sure how to feed this function.

$sObject should be the name of the group from the domain I think and $sTarget my local group on the pc.

$sObject = "DN=nameofaspecialpc,OU=specialpcs,DC=xxx,DC=yyy,DC=de"

nameofaspecialpc is a group.

How to handle the target? FQDN input for my local pc which is member of a domain?

Who can help me with a small example for $sTarget, let's say the local Administrator group of the pc.

Thank you

Edited December 10, 2020 by blumi

blumi · December 11, 2020

Any ideas?

You need more infos?

water · December 11, 2020

Something like this?

The title of the thread is misleading. The code adds a group.

blumi · December 11, 2020

I know the net local group etc.

I thought the AD UDF will do this, so I don't have to use the net local group or the WinNT commands?

Does the UDF handle this or not?

Edited December 11, 2020 by blumi

water · December 11, 2020

No, the AD UDF only handles AD objects.

But what is wrong with the WMI approach?

blumi · December 11, 2020

I tried it different times but did not get it to work.

But then I will try it again and post my code here if it will not work.

water · December 11, 2020

Or check this thread (they add a user but should work for groups as well):

Make sure to add a COM error handler to get better error information!

blumi · March 19, 2021

I did some more tries and found some nice powershell cmdlets

https://community.idera.com/database-tools/powershell/powertips/b/tips/posts/exploring-local-account-management-cmdlets

My goal first is to add a local user "test" to the local user group "Administratoren" (German Windows)

https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.localaccounts/add-localgroupmember?view=powershell-5.1

Here I created a local user "test" an my system and tried in the powershell comannd the following lines. (Not in AutoScript)

Add-LocalGroupMember -Group "Administratoren" -Member "test"
Add-LocalGroupMember -Group 'Administratoren' -Member 'test'

Both work so next step was to try to handle this via autoit script.

$ScriptName = "test"
$success = RunWait("C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -Command Add-LocalGroupMember -Group 'Administratoren' -Member 'test' ")
MsgBox(64, $ScriptName, "success: " & $success & @CRLF & "Error: " & @error)

The error is 0 but no user was added to the group "Administratoren".

Of course I have removed the added user before testing.

Who can help?

Thank you

water · March 19, 2021

I use the following code to grab the Powershell output from Stdout and Stderr (this was a Q&D solution so the code could be optimized):

$sCMD = "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -file " & @ScriptDir & "\PS-Command-to-Execute.ps1"
    $pid = Run($sCMD, @SystemDir, @SW_HIDE, $STDIN_CHILD + $STDOUT_CHILD + $STDERR_CHILD)
    ; End Powershell
    StdinWrite($pid, @CRLF)
    StdinWrite($pid)
    ; Process Stdout
    $sSTDOUT = ""
    While 1
        $sOutput = StdoutRead($pid)
        If @error Then ExitLoop
        If $sOutput <> "" Then $sSTDOUT = $sSTDOUT & @CRLF & $sOutput ; Only process non-empty lines
    WEnd
    ConsoleWrite("STDOUT:" & @CRLF & $sSTDOUT & @CRLF)
    ; Process Stderr
    $sSTDERR = ""
    While 1
        $sOutput = StderrRead($pid)
        If @error Then ExitLoop
        If $sOutput <> "" Then $sSTDERR = $sSTDERR & @CRLF & $sOutput ; Only process non-empty lines
    WEnd
    ConsoleWrite("STDERR:" & @CRLF & $sSTDERR & @CRLF)

blumi · March 23, 2021

On 3/19/2021 at 5:42 PM, water said:

I use the following code to grab the Powershell output from Stdout and Stderr (this was a Q&D solution so the code could be optimized):

$sCMD = "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -file " & @ScriptDir & "\PS-Command-to-Execute.ps1"
    $pid = Run($sCMD, @SystemDir, @SW_HIDE, $STDIN_CHILD + $STDOUT_CHILD + $STDERR_CHILD)
    ; End Powershell
    StdinWrite($pid, @CRLF)
    StdinWrite($pid)
    ; Process Stdout
    $sSTDOUT = ""
    While 1
        $sOutput = StdoutRead($pid)
        If @error Then ExitLoop
        If $sOutput <> "" Then $sSTDOUT = $sSTDOUT & @CRLF & $sOutput ; Only process non-empty lines
    WEnd
    ConsoleWrite("STDOUT:" & @CRLF & $sSTDOUT & @CRLF)
    ; Process Stderr
    $sSTDERR = ""
    While 1
        $sOutput = StderrRead($pid)
        If @error Then ExitLoop
        If $sOutput <> "" Then $sSTDERR = $sSTDERR & @CRLF & $sOutput ; Only process non-empty lines
    WEnd
    ConsoleWrite("STDERR:" & @CRLF & $sSTDERR & @CRLF)

Thanks for the code, it was a permission problem. I forgot #requireAdmin, now it works and adds a local user.

Next step, I want to add a domain group (not user) to the local group Administratoren.

I am not sure about the syntax with the domain.

I tried "domainname\Lokale Administratoren\groupname"

$sCMD = "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -Command Add-LocalGroupMember -Group 'Administratoren' -Member 'Domain\Lokale Administratoren\groupname'"
    $pid = Run($sCMD, @SystemDir, @SW_HIDE, $STDIN_CHILD + $STDOUT_CHILD + $STDERR_CHILD)
    ; End Powershell
    StdinWrite($pid, @CRLF)
    StdinWrite($pid)
    ; Process Stdout
    $sSTDOUT = ""
    While 1
        $sOutput = StdoutRead($pid)
        If @error Then ExitLoop
        If $sOutput <> "" Then $sSTDOUT = $sSTDOUT & @CRLF & $sOutput ; Only process non-empty lines
    WEnd
    ConsoleWrite("STDOUT:" & @CRLF & $sSTDOUT & @CRLF)
    ; Process Stderr
    $sSTDERR = ""
    While 1
        $sOutput = StderrRead($pid)
        If @error Then ExitLoop
        If $sOutput <> "" Then $sSTDERR = $sSTDERR & @CRLF & $sOutput ; Only process non-empty lines
    WEnd
    ConsoleWrite("STDERR:" & @CRLF & $sSTDERR & @CRLF)

Sadly the group was not found, I think I use the wrong syntax.

This what I have copied from the console

Add-LocalGroupMember : Der Prinzipal Domain\Lokale Administratoren\groupname wurde nicht gefunden.

Domain and groupname I have changed, don't want to post it here.

On 3/19/2021 at 5:42 PM, water said:

water · March 23, 2021

Unfortunately I have never worked with local groups.
But the forum has some threads discussing the subject. Example:

blumi · March 25, 2021

These is the "old" WinNT syntax, looks completeley different to the powershell syntax to me.

I will try to get more infos about the powershell syntax.

Sign In

AD UDF - _AD_AddGroupToGroup question

Recommended Posts

blumi

blumi

water

blumi

water

blumi

water

blumi

water

blumi

water

blumi

Create an account or sign in to comment

Create an account

Sign in

Browse

AutoIt Resources

Release

Beta