Add-LocalGroupMember

Adds members to a local group.

Syntax

Add-LocalGroupMember
   [-Group] <LocalGroup>
   [-Member] <LocalPrincipal[]>
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
Add-LocalGroupMember
   [-Member] <LocalPrincipal[]>
   [-Name] <String>
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]
Add-LocalGroupMember
   [-Member] <LocalPrincipal[]>
   [-SID] <SecurityIdentifier>
   [-WhatIf]
   [-Confirm]
   [<CommonParameters>]

Description

The Add-LocalGroupMember cmdlet adds users or groups to a local security group. All the rights and permissions that are assigned to a group are assigned to all members of that group.

Members of the Administrators group on a local computer have Full Control permissions on that computer. Limit the number of users in the Administrators group.

If the computer is joined to a domain, you can add user accounts, computer accounts, and group accounts from that domain and from trusted domains to a local group.

Note

If the computer is joined to a domain and you try to add a local user that has the same name as a member of the domain it adds the domain member.

Examples

Example 1: Add members to the Administrators group

This command adds several members to the local Administrators group. The new members include a local user account, a Microsoft account, a Microsoft Entra account, and a domain group. This example uses a placeholder value for the user name of an account at Outlook.com.

Add-LocalGroupMember -Group "Administrators" -Member "Admin02", "MicrosoftAccount\username@Outlook.com", "AzureAD\DavidChew@contoso.com", "CONTOSO\Domain Admins"

Parameters

-Confirm

Prompts you for confirmation before running the cmdlet.

Type:SwitchParameter
Aliases:cf
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

-Group

Specifies the security group to which this cmdlet adds members.

Type:Microsoft.PowerShell.Commands.LocalGroup
Position:0
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-Member

Specifies an array of users or groups that this cmdlet adds to a security group. You can specify users or groups by name, security ID (SID), or LocalPrincipal objects.

Type:Microsoft.PowerShell.Commands.LocalPrincipal[]
Position:1
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False

-Name

Specifies the name of the security group to which this cmdlet adds members.

Type:String
Position:0
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-SID

Specifies the security ID of the security group to which this cmdlet adds members.

Type:SecurityIdentifier
Position:0
Default value:None
Required:True
Accept pipeline input:False
Accept wildcard characters:False

-WhatIf

Shows what would happen if the cmdlet runs. The cmdlet is not run.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:False
Required:False
Accept pipeline input:False
Accept wildcard characters:False

Inputs

System.Management.Automation.SecurityAccountsManager.LocalGroup

You can pipe a local principal to this cmdlet.

String

You can pipe a string to this cmdlet.

SecurityIdentifier

You can pipe a SID to this cmdlet.

Outputs

None

This cmdlet returns no output.

Notes

Windows PowerShell includes the following aliases for Add-LocalGroupMember:

  • algm

The Microsoft.PowerShell.LocalAccounts module is not available in 32-bit PowerShell on a 64-bit system.

The PrincipalSource property is a property on LocalUser, LocalGroup, and LocalPrincipal objects that describes the source of the object. The possible sources are as follows:

  • Local
  • Active Directory
  • Microsoft Entra group
  • Microsoft Account

PrincipalSource is supported only by Windows 10, Windows Server 2016, and later versions of the Windows operating system. For earlier versions, the property is blank.