Access denied adding domain user to local administrators group

beehaus · Aug 6, 2015

When adding a domain user to the local administrators group I receive an access denied error. This worked before, and now, sadly and strangely, it no longer does.

$user = "mydomain/user"
$group = [ADSI]"WinNT://./Administrators,group"
$group.Add("WinNT://$user,user")

Exception calling "Add" with "1" argument(s): "Access is denied. "
At C:\test\Untitled5.ps1:3 char:1
+ $group.Add("WinNT://$user,user")
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : CatchFromBaseAdapterMethodInvokeTI


Logged on as a domain administrator

Same error using the PowerShell ISE or the console

Yet, I am able to add the user through the Computer Management MMC snap-in, no problem.

Answer

Trevor Sullivan · Aug 6, 2015

This is most likely User Account Control (UAC) related. Make sure you run PowerShell "As Administrator." Otherwise, if you're not running "as admin," you're running PowerShell under your user account's standard user token, which doesn't have access to make this change.
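
One way to test for the condition the answer describes before attempting the change. This is an added example, not code from the original question or answer; the function names `Test-IsElevated` and `Add-LocalAdministrator` are hypothetical, and `mydomain/user` is the placeholder from the question.

```powershell
# Added example: confirm the session holds an elevated administrator token
# before modifying the local Administrators group via the WinNT ADSI provider.

function Test-IsElevated {
    # With UAC enabled, a non-elevated session runs under the filtered token,
    # so IsInRole(Administrator) returns $false even for an administrator account.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Add-LocalAdministrator {
    param(
        [Parameter(Mandatory)] [string] $User   # 'DOMAIN/user' form, as in the question
    )

    if (-not (Test-IsElevated)) {
        throw "Session is not elevated. Start PowerShell with 'Run as administrator' and retry."
    }

    $group  = [ADSI]"WinNT://./Administrators,group"
    $target = "WinNT://$User"

    # Read current members first; calling Add for an existing member throws.
    $members = @($group.psbase.Invoke('Members')) | ForEach-Object {
        $_.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $_, $null)
    }
    if ($members -contains $target) {
        Write-Output "$User is already a member of Administrators."
        return
    }

    $group.Add("$target,user")
    Write-Output "Added $User to Administrators."
}

# Placeholder account name from the question.
Add-LocalAdministrator -User 'mydomain/user'
```

Run from a non-elevated console, the script stops at the elevation check with a clear message instead of reaching `$group.Add` and failing with "Access is denied."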