Add-LocalGroupMember
Adds members to a local group.
Syntax
Add-LocalGroupMember
[-Group] <LocalGroup>
[-Member] <LocalPrincipal[]>
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Add-LocalGroupMember
[-Member] <LocalPrincipal[]>
[-Name] <String>
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Add-LocalGroupMember
[-Member] <LocalPrincipal[]>
[-SID] <SecurityIdentifier>
[-WhatIf]
[-Confirm]
[<CommonParameters>]
Description
The Add-LocalGroupMember
cmdlet adds users or groups to a local security group. All the rights and
permissions that are assigned to a group are assigned to all members of that group.
Members of the Administrators group on a local computer have Full Control permissions on that computer. Limit the number of users in the Administrators group.
If the computer is joined to a domain, you can add user accounts, computer accounts, and group accounts from that domain and from trusted domains to a local group.
Note
If the computer is joined to a domain and you try to add a local user that has the same name as a member of the domain it adds the domain member.
Examples
Example 1: Add members to the Administrators group
This command adds several members to the local Administrators group. The new members include a local user account, a Microsoft account, a Microsoft Entra account, and a domain group. This example uses a placeholder value for the user name of an account at Outlook.com.
Add-LocalGroupMember -Group "Administrators" -Member "Admin02", "MicrosoftAccount\username@Outlook.com", "AzureAD\DavidChew@contoso.com", "CONTOSO\Domain Admins"
Parameters
-Confirm
Prompts you for confirmation before running the cmdlet.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | False |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Group
Specifies the security group to which this cmdlet adds members.
Type: | Microsoft.PowerShell.Commands.LocalGroup |
Position: | 0 |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Member
Specifies an array of users or groups that this cmdlet adds to a security group. You can specify users or groups by name, security ID (SID), or LocalPrincipal objects.
Type: | Microsoft.PowerShell.Commands.LocalPrincipal[] |
Position: | 1 |
Default value: | None |
Required: | True |
Accept pipeline input: | True |
Accept wildcard characters: | False |
-Name
Specifies the name of the security group to which this cmdlet adds members.
Type: | String |
Position: | 0 |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-SID
Specifies the security ID of the security group to which this cmdlet adds members.
Type: | SecurityIdentifier |
Position: | 0 |
Default value: | None |
Required: | True |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | False |
Required: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Inputs
System.Management.Automation.SecurityAccountsManager.LocalGroup
You can pipe a local principal to this cmdlet.
You can pipe a string to this cmdlet.
You can pipe a SID to this cmdlet.
Outputs
None
This cmdlet returns no output.
Notes
Windows PowerShell includes the following aliases for Add-LocalGroupMember
:
algm
The Microsoft.PowerShell.LocalAccounts module is not available in 32-bit PowerShell on a 64-bit system.
The PrincipalSource property is a property on LocalUser, LocalGroup, and LocalPrincipal objects that describes the source of the object. The possible sources are as follows:
- Local
- Active Directory
- Microsoft Entra group
- Microsoft Account
PrincipalSource is supported only by Windows 10, Windows Server 2016, and later versions of the Windows operating system. For earlier versions, the property is blank.