Add or Remove a Computer Account from a Group






Problem

You want to add or remove a computer account from an Active Directory security group.

Solution

Using a graphical user interface
  1. Open the ADUC snap-in.

  2. If you need to change domains, right-click on "Active Directory Users and Computers" in the left pane, select "Connect to Domain," enter the domain name, and click OK.

  3. In the left pane, browse to the parent container of the objects you want to modify.

  4. In the right pane, highlight each object you want to modify, right-click, and select Properties.

  5. On the Member of tab, click Add.

  6. Click the group to which you want to add the computer, and then click Add. To add the computer to more than one group, press Ctrl while selecting the groups you want to add the computer to, and then click Add.

  7. To remove a group, select the group object and click Remove.

  8. Click OK to finish.

Using a command-line interface

To add a computer object to a group, use the following syntax:

	> admod -b "<GroupDN>" member:+:"<ComputerDN>"

To remove an object, replace :+: with :-: in the previous syntax.


Using VBScript
	' This code adds and removes a computer object from a group.
	' ------ SCRIPT CONFIGURATION ------
	strGroupDN = "<GroupDN>" ' e.g. cn=SalesGroup,ou=Groups,dc=rallencorp,dc=com
	strComputerDN = "<ComputerDN>" ' e.g. cn=Fin101,cn=Computers,dc=rallencorp,dc=com
	' ------ END CONFIGURATION ---------

	set objGroup = GetObject("LDAP://" & strGroupDN)
	' Add a member
	objGroup.Add("LDAP://" & strComputerDN)

	' Remove a member
	objGroup.Remove("LDAP://" & strComputerDN)

Discussion

In Active Directory, both user and computer objects are security principals that can be assigned rights and permissions within a domain. As such, computer objects can be added to or removed from group objects to make for simpler resource administration. You can make this change through ADUC or ADSI Edit, or by manually editing the member attribute of the appropriate group object.
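
The same ADSI calls as the VBScript solution, wrapped so the change is idempotent and leaves a record, shown here as an added PowerShell example that is not part of the original recipe. The function name `Set-ComputerGroupMembership` and its parameters are hypothetical; the sample DNs are the ones from the VBScript comments.

```powershell
# Added example; Set-ComputerGroupMembership and its parameters are hypothetical names.
function Set-ComputerGroupMembership {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$GroupDN,
        [Parameter(Mandatory)][string]$ComputerDN,
        [Parameter(Mandatory)][ValidateSet('Add', 'Remove')][string]$Action
    )

    $group        = [ADSI]"LDAP://$GroupDN"
    $computerPath = "LDAP://$ComputerDN"
    $computer     = [ADSI]$computerPath

    # Bind to both objects first so a mistyped DN fails before any change is made.
    if ($group.psbase.SchemaClassName -ne 'group') {
        throw "'$GroupDN' is not a group object."
    }
    if ($computer.psbase.SchemaClassName -ne 'computer') {
        throw "'$ComputerDN' is not a computer object."
    }

    # IADsGroup::IsMember reports direct membership, which makes the call idempotent.
    $isMember = [bool]$group.psbase.Invoke('IsMember', $computerPath)
    $needed   = ($Action -eq 'Add' -and -not $isMember) -or
                ($Action -eq 'Remove' -and $isMember)

    $changed = $false
    if ($needed -and $PSCmdlet.ShouldProcess($GroupDN, "$Action member $ComputerDN")) {
        # IADsGroup::Add and ::Remove write to the directory immediately.
        $null = $group.psbase.Invoke($Action, $computerPath)
        $changed = $true
    }

    # Emit a record of what happened, suitable for a change log.
    [pscustomobject]@{
        Group     = $GroupDN
        Computer  = $ComputerDN
        Action    = $Action
        WasMember = $isMember
        Changed   = $changed
    }
}

# Constructed sample DNs, taken from the comments in the VBScript above.
# -WhatIf previews the change without writing to the directory.
Set-ComputerGroupMembership -Action Add -WhatIf `
    -GroupDN 'cn=SalesGroup,ou=Groups,dc=rallencorp,dc=com' `
    -ComputerDN 'cn=Fin101,cn=Computers,dc=rallencorp,dc=com'
```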

See Also

MSDN: NT-Group-Members attribute [AD Schema] and MSDN: Member Attribute [AD Schema]


