Hey all...  have been spending quite some time searching around for some guidance to what should be something easy for Powershell...  adding a user to the local admin group of a computer.

background.  I do have admin rights to the workstation I'm testing on and using Powershell V2.

I've seen a number of blog posts and snippets from the Microsoft Scripting guy and Scott Hanselman and a bunch of other well respected folks.  At the moment I have this snippet that I'm working with:

$computer =  [ADSI]("WinNT://" + $strComputer + ",computer")
$strUser = "TWtest" 
Set objGroup=GetObject("WinNT://" & $computer.name & "/Administrators") 
Set objUser=GetObject("WinNT://$strUser") 

Fairly straightforward I thought.  I'm going to want to add a domain user to a bunch of servers so I'm getting the computername and using that as a variable.  I'll prepopulate the username (in this case TWtest

The problem I'm running into is that I'm getting the following error:

Unexpected token '&' in expression or statement

It obviously points to line 3 (and then line 4), yet this seems to be a constant with every post I've seen... to concatenate the object using the & character.  

What am I doing wrong or just not understanding??

Or is there an easier way to accomplish this?

Thanks

$group = [adsi]"WinNT://$strcomputer/administrators"
$user = "TWtest"
$group.add("WinNT://yourDomainName/$user")

PS doesnt use the '&' char for concatenating strings. This is the invoke operator. Use the '+' char like you did above for string concatenation.  It also looks like your mixing in VBScript code, no es bueno dude. 

Aha... gotcha.  Thank you both.  I also realized that I must have mixed up my own scripts a bit:

The cleaner method would have been to leverage get-wmiobject to get the current computername (using the name property)

$computer = get-wmiobject win32_computersystem
$strUser ="TWtest"
Set objGroup=GetObject("WinNT://" + $computer.name + "/Administrators")
Set objUser=GetObject("WinNT://$strUser")

This runs now without error... but doesn't add the user (in this case TWtest) to the local administrator's group.  What am I missing?  Is there a pure powershell way of accomplishing this?

Ok, the reason you get no error is because when you call this line:

Set objGroup=GetObject("WinNT://" + $computer.name + "/Administrators")

PS thinks your setting a variable named "Objgroup=getobject" with the value of WinNT://" + $computer.name + "/Administrators"

The word 'Set' is an alias for the cmdlet Set-Variable( your can see the alias by typing 'get-alias set') . YOu can see the newly created variable by changing into your PSVariable provider like so:

cd variable:
dir | ? { $_.name -match "objgroup" }

This is obviously not what you intended but this explains why yuou get no error.  So in the future you dont need to call the keyword 'Set' in PS unlike VBscript for creating objects.

BTW, you can get the local computer name like so (it is faster then WMI):

$env:COMPUTERNAME

Great feedback guys.. thanks (and Hal - I love the podcast, keep it up!)

Ok, so I changed the script a bit (trying to stick more with PS than VBS:

$strUsername = "mydevuser"
$strDomain = "mydevdomain"
#$strDomain = $env:COMPUTERNAME
$strComputer = $env:COMPUTERNAME

$computer = [ADSI]("WinNT://" + $strComputer + ",computer")
$Group = $Computer.psbase.children.find("administrators")
$Group.Add("WinNT://" + $strDomain + "/" + $strUsername)

 I still don't understand psbase much but getting it to work.  Provided the user account exists in the given domain, this appears to work well so far.  I plan on adding some additional code to take arguments (args[0], etc) for username and domain as well as reading a server listing from a file so we can manage multiple servers with one simple script.  I'll update this once I get that working.

But for now... any comments?  Constructive criticism?

Ok, a straight forward get-content cmdlet handles what I want with reading a simple text file with the servers.

Since the domain\username will be constant throughout, that'll be outside the foreach loop.

$strUsername = "mydevuser"
$strDomain = "mydevdomain"

Get-Content c:\serverlist.txt | foreach { $_.computername;
$strComputer = $_.computername

$computer = [ADSI]("WinNT://" + $strComputer + ",computer")
$Group = $Computer.psbase.children.find("administrators")
$Group.Add("WinNT://" + $strDomain + "/" + $strUsername)
}

One oddity I'm noticing is the following error
Exception calling "Find" with "1" argument(s): "Unknown error (0x80005000)"
At C:\scripts\Powershell\testadd.ps1:12 char:40
+ $Group = $Computer.psbase.children.find <<<< ("administrators")

Yet if I check the local administrator group's members, it is there... so its working.  I'm not sure if this is something to be concerned with or not.

See if this works for you:

$strUsername = "mydevuser"

Get-Content c:\serverlist.txt | foreach { 
  $group = [ADSI]("WinNT://$_/administrators,group")
 $group.add("WinNT://$env:USERDOMAIN/$strUsername,user")
}

Also, there is a good explanation of psbase and friends here:

http://blogs.msdn.com/powershell/archive/2006/11/24/what-s-up-with-psbase-psextended-psadapted-and-psobject.aspx

Works like a charm.  Thanks Shay!!

I'll definitely read the article on psbase for more information.