Add-​Local​Group​Member

Adds members to a local group.

Syntax

Add-LocalGroupMember
   [-Group] <LocalGroup>
   [-Member] <LocalPrincipal[]>
   [-Confirm]
   [-WhatIf]
   [<CommonParameters>]
Add-LocalGroupMember
   [-Name] <String>
   [-Member] <LocalPrincipal[]>
   [-Confirm]
   [-WhatIf]
   [<CommonParameters>]
Add-LocalGroupMember
   [-SID] <SecurityIdentifier>
   [-Member] <LocalPrincipal[]>
   [-Confirm]
   [-WhatIf]
   [<CommonParameters>]

Description

The Add-LocalGroupMember cmdlet adds users or groups to a local security group. All the rights and permissions that are assigned to a group are assigned to all members of that group.

Members of the Administrators group on a local computer have Full Control permissions on that computer. Limit the number of users in the Administrators group.

If the computer is joined to a domain, you can add user accounts, computer accounts, and group accounts from that domain and from trusted domains to a local group.

Examples

Example 1: Add members to the Administrators group

PS C:\> Add-LocalGroupMember -Group "Administrators" -Member "Admin02", "MicrosoftAccount\username@Outlook.com", "AzureAD\DavidChew@contoso.com", "CONTOSO\Domain Admins"

This command adds several members to the local Administrators group. The new members include a local user account, a Microsoft account, an Azure Active Directory account, and a domain group. This example uses a placeholder value for the user name of an account at Outlook.com.

Required Parameters

-Group

Specifies the security group to which this cmdlet adds members.

Type:LocalGroup
Position:0
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-Member

Specifies an array of users or groups that this cmdlet adds to a security group. You can specify users or groups by name, security ID (SID), or LocalPrincipal objects.

Type:LocalPrincipal[]
Position:1
Default value:None
Accept pipeline input:True (ByPropertyName, ByValue)
Accept wildcard characters:False
-Name

Specifies the name of the security group to which this cmdlet adds members.

Type:String
Position:0
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-SID

Specifies the security ID of the security group to which this cmdlet adds members.

Type:SecurityIdentifier
Position:0
Default value:None
Accept pipeline input:False
Accept wildcard characters:False

Optional Parameters

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:False
Accept pipeline input:False
Accept wildcard characters:False
-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

System.Management.Automation.SecurityAccountsManager.LocalGroup, System.String, System.Security.Principal.SecurityIdentifier

You can pipe a local principal, a string, or a SID to this cmdlet.

Outputs

None

This cmdlet does not generate any output.

Notes

  • The PrincipalSource property is a property on LocalUser, LocalGroup, and LocalPrincipal objects that describes the source of the object. The possible sources are as follows:

  • Local

  • Active Directory
  • Azure Active Directory group
  • Microsoft Account

PrincipalSource is supported only by Windows 10, Windows Server 2016, and later versions of the Windows operating system. For earlier versions, the property is blank.