OK, I figured out what was wrong. <Hanging head now>
There were three security groups that I was trying to add to the local security group. When the command failed the $useradm value was the middle of the three security groups so that was the name I was focusing on. It turns out the third name in my list had a typo, so it truly wasn't found. I kept looking at the value of $useradm and it kept pointing to the second group in my list so I didn't even look at the third item. How I found this is, I removed all the members from the local security group and ran the script. It put the first two groups into the local group, but not the third and gave the error. I then looked at the value of $useradm and again it contained the name of the second group in my list, yet that group was added to the local security group. That's when I went back to square one (which I should have done sooner than this) and rechecked the name of the three security groups that I wanted to be contained in the local group. That's when I found the bad entry. I'm sorry to have taken up so much of everyone's time. I do want to thank everyone for being so helpful! Thanks, Ken ... From: [email protected] [mailto:[email protected]] On Behalf Of Michael B. Smith Sent: Monday, November 17, 2014 5:05 PM To: [email protected] Subject: [powershell] RE: ADSI help Well, I understand the post, but distribution list/forum/website help is by nature somewhat limited, based on the amount of information a 'client' can reasonably share... I'm certain that, with a few minutes in the OP's environment, I could figure out what is happening. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Crawford, Scott Sent: Monday, November 17, 2014 7:13 PM To: [email protected]<mailto:[email protected]> Subject: [powershell] RE: ADSI help That's how I feel about a lot of what I read. ;) From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Michael B. Smith Sent: Monday, November 17, 2014 6:08 PM To: [email protected]<mailto:[email protected]> Subject: [powershell] RE: ADSI help This post can help you figure it out, if you understand it: http://blogs.technet.com/b/heyscriptingguy/archive/2013/10/27/the-admin-s-first-steps-local-group-membership.aspx From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Lutz, Ken Sent: Monday, November 17, 2014 6:47 PM To: [email protected]<mailto:[email protected]> Subject: [powershell] RE: ADSI help Yes, I am. That's why I'm confused as to what is going on. Thanks, Ken ... From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Michael B. Smith Sent: Monday, November 17, 2014 2:02 PM To: [email protected]<mailto:[email protected]> Subject: [powershell] RE: ADSI help Oh. Are you running this in a PowerShell session with elevated administrator privs? From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Lutz, Ken Sent: Monday, November 17, 2014 4:49 PM To: [email protected]<mailto:[email protected]> Subject: [powershell] RE: ADSI help Michael, Thanks for the reply. Yes, you are correct with your examples. I have verified that the user value for $useradm is a valid domain group. ("WinNT://$Domain/" + ($useradm -Replace ("$($domain)\\","")) + ",group") Returns: WinNT://Example/Michael,group Isn't that what it should return, and isn't that what the adsi command is looking for? Thanks, Ken ... From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Michael B. Smith Sent: Monday, November 17, 2014 12:07 PM To: [email protected]<mailto:[email protected]> Subject: [powershell] RE: ADSI help Without knowing the contents of $Domain or $useradm, it's practically impossible to guess. If you assume that $Domain = 'example' And that $useradm = 'example\michael' Then what that line is attempting to do is strip off "example\" in front of $useradm, and then add the user to the group identified by $adsi. $adsi.Add( "WinNT://example/michael,group" ) The error says that "michael" doesn't exist as a domain user in the "example" domain. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Lutz, Ken Sent: Monday, November 17, 2014 2:26 PM To: '[email protected]' Subject: [powershell] ADSI help I'm using the two scripts from this web site (http://thedesktopteam.com/blog/raphael/local-administrators-group-and-compliance-settings/) to verify and update membership of a local group on my workstations. In the second script is this command: $adsi.Add("WinNT://$Domain/" + ($useradm -Replace ("$($Domain)\\","")) + ",group") When I run the script I get this error, and I have no idea as to what the issue is. I am running this from an 'Administrative' level PowerShell session. At this point I'm just trying to verify that the script is doing what I want it to do before I go to SCCM and setup the Compliance stuff. What am I missing, or have wrong? $Domain has a valid value, and $useradm is also valid, in this format <domain name>\<user name> $members is also a valid list of 3 users in the same format as $useradm. [cid:[email protected]] Thanks! Ken Lutz Senior Systems Administrator Information Systems Department Spokane County 815 N. Jefferson Spokane, Washington 99260 [cid:[email protected]] ================================================ Did you know you can also post and find answers on PowerShell in the forums? http://www.myitforum.com/forums/default.asp?catApp=1 ================================================ Did you know you can also post and find answers on PowerShell in the forums? http://www.myitforum.com/forums/default.asp?catApp=1 ================================================ Did you know you can also post and find answers on PowerShell in the forums? http://www.myitforum.com/forums/default.asp?catApp=1 ================================================ Did you know you can also post and find answers on PowerShell in the forums? http://www.myitforum.com/forums/default.asp?catApp=1 ================================================ Did you know you can also post and find answers on PowerShell in the forums? http://www.myitforum.com/forums/default.asp?catApp=1 ================================================ Did you know you can also post and find answers on PowerShell in the forums? http://www.myitforum.com/forums/default.asp?catApp=1 ================================================ Did you know you can also post and find answers on PowerShell in the forums? http://www.myitforum.com/forums/default.asp?catApp=1 ================================================ Did you know you can also post and find answers on PowerShell in the forums? http://www.myitforum.com/forums/default.asp?catApp=1 ================================================ Did you know you can also post and find answers on PowerShell in the forums? http://www.myitforum.com/forums/default.asp?catApp=1
