Adding a Domain user to a local group on a server using MSBUILD

Coordinator
May 4, 2011 at 5:59 PM
  • I have the following code:

    <Target Name="AddServiceUserToAdmins">
      <MSBuild.ExtensionPack.Computer.ActiveDirectory TaskAction="AddUserToGroup" User="domain\user" MachineName="nameofserver" Group="Administrators" ContinueOnError="true" />
      <MSBuild.ExtensionPack.Computer.ActiveDirectory TaskAction="GrantPrivilege" User="domain\user" MachineName="nameofserver" Privilege="SeServiceLogonRight" ContinueOnError="true" />
    </Target>

    Basically, I'm trying to add a domain account to the local admins group on a server, then grant that account "logon as a service" rights, then later on start a service as that account.

    The problem I'm having is that the AddUserToGroup is returning an error stating "user not found" when it does exist.

    Also, the GrantPrivilege of "SeServiceLogonRight" shows "Granting privilege to user : domain\user - SeServiceLogonRight", but if I go into the local security policy on the server and look at the "logon as a service", the account is not listed.

    Am I missing something?

    Andy

Coordinator
May 4, 2011 at 6:08 PM

Are you running these scripts on the target server or are you trying to do this remotely?

 

Mike

May 5, 2011 at 8:44 AM

It's running through an itemgroup list of servers, so it's carrying out the command on the current server and on 3 other servers in the same AD domain.

(ignore the part re the SeServiceLogonRight - that seems ok, it's just the add user to local group that's failing)

May 9, 2011 at 7:24 AM

Anyone?

I'm having to run PSEXEC and NET command to cover this add/remove to local group at the moment - would prefer to use the library method...