How to add a domain user as a member of a local group
Sometimes we need to add domain users to a server's local groups, either for some configuration purpose or for remote desktop access. If the environment is small and limited to 2-3 servers, we can add the users to the local groups on each server, but in a large environment it is not practical to log in to every member server to update group membership.
To achieve this, we can configure a GPO that adds domain users to the local groups of member servers. This is done by configuring a Restricted Group.
Below is the step-by-step guide to adding users as members of a local group.
1) Go to Start -> Run and enter gpmc.msc, which opens the Group Policy Management Console.
2) Right-click the OU where you want to apply the policy and select “create and link GPO here”. Name the GPO as required and select OK. This creates the new GPO and links it to the specified OU where we want to apply the policy.
3) With the GPO created, we have to configure the setting that achieves our goal. Right-click the newly created GPO and select Edit. This opens the GPO configuration. Expand Computer Configuration -> Windows Settings -> Security Settings, then right-click Restricted Groups and select Add Group.
4) The Add Group dialog box opens. Enter the name of the local group to which you want to add the user as a member (Note: this is the local group found under Local Users and Groups on the member server). You can also browse for the group with the Browse button.
5) Once you have selected the group name (such as Administrators, Power Users or Remote Desktop Users), click OK to open the group properties dialog box. Here we can add the domain users who will be part of that group. To add members, click the Add button.
6) The Add Member dialog box opens. Enter the name of the domain user if you know it, or browse for it in Active Directory.
Once you have identified the users, select OK. This adds the specified users as members of that group.
7) The GPO configuration for the restricted group will now look like the example below, showing the group name, its members and its “member of” properties.
8) Close the configuration window and check the settings of the newly created GPO. The settings will look like the example below.
9) Go to Start -> Run again and open CMD. Run the command gpupdate /force to force a Group Policy update.
10) After updating the GPO, log in to the client machine and run gpupdate /force again from a command prompt there. This is required to update Group Policy on the client machine. Once the policies are updated, verify whether the user was added successfully by going to
Start -> right-click My Computer -> Manage
Under the Configuration tab (in the case of Windows 2008 or Windows 7), expand Local Users and Groups. Double-click the Administrators group and check that the member appears in the group membership.
Make sure the computer is in the OU to which this GPO is linked.
Note: The name hidden in this article is the company's domain name.
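A scripted form of the check in step 10, as an added example that is not part of the original article: it compares a local group's actual members with the member list configured in the GPO, which matters because the member list of a restricted group is enforced and accounts outside it are removed when the policy applies. It assumes Windows PowerShell 5.1 or later for Get-LocalGroupMember; CONTOSO, SRV01 and the account names are constructed placeholders, and both function names are hypothetical.

```powershell
# Added example: verify that a Restricted Groups GPO produced the expected
# local group membership on a member server.
# Assumption: Windows PowerShell 5.1+ (Get-LocalGroupMember is available).
# On older systems, list members with: net localgroup Administrators

function Compare-GroupMembership {
    param(
        [string[]]$Expected,   # accounts configured as members in the GPO
        [string[]]$Actual      # accounts currently in the local group
    )
    # -notcontains compares case-insensitively, matching Windows account names
    $missing    = @($Expected | Where-Object { $Actual   -notcontains $_ })
    $unexpected = @($Actual   | Where-Object { $Expected -notcontains $_ })
    [pscustomobject]@{
        Missing    = $missing      # in the GPO but not on the server
        Unexpected = $unexpected   # on the server but not in the GPO
        Compliant  = ($missing.Count -eq 0 -and $unexpected.Count -eq 0)
    }
}

function Test-LocalGroupFromGpo {
    param(
        [string]$Group = 'Administrators',
        [Parameter(Mandatory)][string[]]$Expected
    )
    # Read the live membership of the local group on this machine
    $actual = @(Get-LocalGroupMember -Group $Group |
                Select-Object -ExpandProperty Name)
    Compare-GroupMembership -Expected $Expected -Actual $actual
}

# Constructed sample data (placeholder domain, server and account names)
$expected = 'SRV01\Administrator', 'CONTOSO\Domain Admins', 'CONTOSO\jdoe'
$actual   = 'SRV01\Administrator', 'CONTOSO\Domain Admins', 'CONTOSO\olduser'

# Reports CONTOSO\jdoe as missing and CONTOSO\olduser as unexpected,
# the pattern seen when the GPO has not yet applied to the machine
Compare-GroupMembership -Expected $expected -Actual $actual | Format-List

# On a real member server, after gpupdate /force:
#   gpresult /r /scope computer   # confirm the GPO is among the applied GPOs
#   Test-LocalGroupFromGpo -Group 'Administrators' -Expected $expected
```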