MikeDoe-5728 asked snork13-1325 edited

Add domain user to local admin group with MDT

Hi everyone,

I have a working task sequence which installs Windows 10 pretty well inside a domain and I would like to add this feature: AdminAccounts.

The rule "SkipAdminAccounts=NO" is set, the page appears correctly during the Wizard, but it does nothing.

I haven't seen any error or warning in any logs (or maybe I didn't search in the right place).

Maybe I'm missing the right task in my sequence?

If someone could help me, I'd appreciate it.

Regards
Michael

windows-10-setupmem-mdt

SimonRenMSFT-3639 answered SimonRenMSFT-3639 commented

Hi,

Thanks for posting in Microsoft MECM Q&A forum.

1. We could try to create a .bat file like this:

net user "owner" "mypassword" /add
net localgroup "Administrators" "owner" /add
WMIC USERACCOUNT WHERE "Name='owner'" SET PasswordExpires=FALSE
WMIC USERACCOUNT WHERE "Name='owner'" SET Passwordchangeable=FALSE

Then import this .bat file as an application in MDT. The command line for the application will be filename.bat

2. We could also try to prestage the computer under Advanced Configuration > Computers. Add the computer and go into Properties. On the Administrators tab you can add an existing local user on the image or domain user as an admin.


Thanks for your time.

Best regards,
Simon



Hi,
Thanks for your answer but I'm afraid that it doesn't suit my usage.
I can't prepare in advance the local admin I want to add during the deployment because it changes every time (the owner of the computer).

There is a feature inside MDT, so I would like to use it correctly. It does exactly what I want to do.

Do you know which script is called for this action? Or which task of the sequence does this action?
Regards

0 Votes 0 ·

Hi,

Thanks for your reply.

1. Are the Windows 10 computers joined to the domain? When SkipAdminAccounts is set to NO, the Wizard page is displayed, and the information on that page is collected. However, this page does not actually create accounts, instead it just adds pre-existing user accounts and adds them to the local Administrators group. This scenario is only valid when you are joining the machine to a domain, so you must Join to the Domain. Refer to:
Adding a domain user to Local Admin Groups using MDT 2012
2. Please help check the BDD.log, SMSTS.log, Wizard.log and setupact.log to see if there is any further information for troubleshooting.

Best regards,
Simon




0 Votes 0 ·

Hi,

Thanks for your reply and help.

  1. Yes, it correctly joined the domain and the wizard page to add users was displayed. I've set 3 existing users in my domain (including the one I use every day) in these inputs.

  2. There are only two references to these accounts: in Wizard.log (<![LOG[Property Administrators001 is now = domain\user1]LOG]!>). And in BDD.log for exactly the same line. But nothing else (about the account or with "Administrators001") in all the logs you've cited.

I think it records my accounts, but when it has to deal with them, it does nothing or the command failed but it's not logged.

Do you know at which task in the TS this action is performed?

Best Regards



0 Votes 0 ·
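One way to check what the comments above describe, as an added example that is not part of the original posts: the script below pulls the `AdministratorsNNN` properties out of a BDD.log in the format quoted in the thread and reports whether each account is actually a member of the local Administrators group. The default log path and the name-based comparison are assumptions; the sample lines are constructed.

```powershell
# Added example: compare the accounts the MDT wizard recorded with real group membership.
param(
    # Assumption: location of a copy of BDD.log; point this at wherever your deployment keeps its logs.
    [string]$LogPath = "$env:WINDIR\Temp\DeploymentLogs\BDD.log"
)

function Get-WizardAdminAccounts {
    param([string[]]$Lines)
    # Matches entries such as: <![LOG[Property Administrators001 is now = domain\user1]LOG]!>
    $pattern = '<!\[LOG\[Property (Administrators\d+) is now = (.+?)\]LOG\]!>'
    $found = [ordered]@{}
    foreach ($line in $Lines) {
        $m = [regex]::Match($line, $pattern)
        if ($m.Success) {
            # The same property can be logged more than once; the last value wins.
            $found[$m.Groups[1].Value] = $m.Groups[2].Value.Trim()
        }
    }
    $found
}

# Constructed sample lines, used only when the log file is not present.
$sample = @(
    '<![LOG[Property Administrators001 is now = domain\user1]LOG]!>'
    '<![LOG[Property Administrators002 is now = domain\user2]LOG]!>'
)

$lines = if (Test-Path -LiteralPath $LogPath) { Get-Content -LiteralPath $LogPath } else { $sample }
$requested = Get-WizardAdminAccounts -Lines $lines

# S-1-5-32-544 is the well-known SID of the built-in Administrators group,
# so the lookup also works on systems where the group name is localized.
$members = @(Get-LocalGroupMember -SID 'S-1-5-32-544' -ErrorAction Stop |
    ForEach-Object { $_.Name })

foreach ($entry in $requested.GetEnumerator()) {
    [pscustomobject]@{
        Property              = $entry.Key
        Account               = $entry.Value
        # Name comparison (case-insensitive); assumes the wizard entry uses the same
        # DOMAIN\user form that Get-LocalGroupMember returns.
        InLocalAdministrators = $members -contains $entry.Value
    }
}
```

Run it from an elevated PowerShell session on the deployed machine; a row with `InLocalAdministrators` set to `False` is an account the wizard captured but that was never granted local admin rights.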
WRaspe-5601 answered

Which local admin group?
I have a script which adds the user to the local group.


snork13-1325 answered snork13-1325 edited

Adding a user to the local admin group is a built-in feature: you add users and they will be admin of the device if needed. You just need to set up the custom setting correctly.
