Skip to content

January 21, 2016


Add Domain User to Local Admin Group via DSC

by Scott Newman

Toying with DSC.  Here is some code to add a user to a local administrators group via DSC.  Use at your own risk.  Marginally tested (works on my machine…).


configuration UserConfig{

    Import-DscResource -ModuleName PSDesiredStateConfiguration    

    node $AllNodes.NodeName{

        Group Admin{
            GroupName = 'Administrators'
            Ensure = 'Present'
            #PsDscRunAsCredential = $mycreds
            Credential = $DomainCredential
            Members = @('domainname\username')


$configData = @{
    AllNodes = @(
            NodeName = 'SEAPR1DBBAT046'
            PSDscAllowPlainTextPassword = $true
            PSDscAllowDomainUser = $true

$cred = Get-Credential -UserName domain\user -Message "Password please"
UserConfig -DomainCredential $cred -ConfigurationData $configData
Read more from DSC, Powershell
2 Comments Post a comment
  1. You should use MembersToInclude rather than Members. By using Members you will remove any other users in your Administrators group not listed in your configuration. By using MembersToInclude, you’ll only add the users listed.

    • Jul 2 2017

      Good tip. I’ll drop it in. I’ve not touched dsc since this post I think.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Note: HTML is allowed. Your email address will never be published.

Subscribe to comments

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: