VB.NET - Adding Domain User to Admin Group, while disconnected

Asked By Marty Mickus on 21-Mar-12 04:28 PM
Earn up to 50 extra points for answering this tough question.
I've been trying to find a way to add cached domain user to local admin group. Every solution seems to require connection to the domain. Is there a way to get user object from a local cache based on name or username and add them to local Administrators group? Please help. This is the code that works with the domain controller available. Any advice would be much appreciated. Dim lclctx As PrincipalContext
Dim domctx As PrincipalContext
Dim grp As GroupPrincipal
Try
  lclctx = New PrincipalContext(ContextType.Machine, Environment.MachineName)
  domctx = New PrincipalContext(ContextType.Domain, "DOMAIN")
  grp = GroupPrincipal.FindByIdentity(lclctx, IdentityType.Name, "Administrators")
  If Not grp Is Nothing Then
    grp.Members.Add(domctx, IdentityType.Name, strName)
    grp.Save()
    grp.Dispose()
  End If
  lclctx.Dispose()
  domctx.Dispose()
Catch ex As Exception
  writeToLog(ex.Message.ToString)
End Try
[)ia6l0 iii replied to Marty Mickus on 21-Mar-12 09:39 PM
I have never tried this, but my gut feeling is You can do this without connecting to the domain. 

If you try the following command in your command prompt, by specifying the domain\username to be added to Administrators group, you will either get a message saying "added" or "there is no such global user ...."

NET LOCALGROUP ADMINISTRATORS domain\username /add

Needless, to say, this command needs to be executed at a command prompt with adminstrator priveleges. 

The only reason that I see it not working with your VB.Net code, is when the cached user no more exists in the domain cache on the system.
D Company replied to Marty Mickus on 22-Mar-12 01:12 AM
Here are the all commands that u needed to do this. from NET Command
http://ss64.com/nt/net_useradmin.html
One way is usin GPO
http://myitforum.com/cs2/blogs/rdixon/archive/2008/06/17/how-to-add-domain-accounts-to-local-administrators-group-using-gpo.aspx
Reena Jain replied to Marty Mickus on 22-Mar-12 03:07 AM
Hi,

Yes As in above post suggested you can use NET command to Add a user account:

NET USER username {password | *} /ADD [options] [/DOMAIN]

try this and let me know
Marty Mickus replied to [)ia6l0 iii on 22-Mar-12 09:48 AM
Wow, I actually threw in the towel on this project yesterday as I thought it's not possible.  Even in windows without querying AD I couldn't add a domain user.  However, the NET command does work when offline.  Thank you for the help.