Access denied adding domain user to local administrators group

powershell adsi

beehaus · Aug 6, 2015 · Viewed 9.5k times · Source

When adding a domain user to the local administrators group I receive an access denied, this worked before and now sadly and strangely it no longer does.

$user = "mydomain/user"
$group = [ADSI]"WinNT://./Administrators,group"
$group.Add("WinNT://$user,user")

Exception calling "Add" with "1" argument(s): "Access is denied. " At C:\test\Untitled5.ps1:3 char:1 + $group.Add("WinNT://$user,user") + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [], MethodInvocationException + FullyQualifiedErrorId : CatchFromBaseAdapterMethodInvokeTI

Logged on as a domain administrator

Same error using the PowerShell ISE or the console

Yet, I am able to add the user through the Computer Management MMC snap-in, no problem.

Answer

This is most likely User Account Control (UAC) related. Make sure you run PowerShell "As Administrator." Otherwise, if you're not running "as admin," you're running PowerShell under your user's account's standard user token, which doesn't have access to make this change.

Access denied adding domain user to local administrators group

Answer

Related questions