CODEWITHSUNDEEP
powershell
cberube
cberube

Reputation: 33

PowerShell Error Running Add-LocalGroupMember

I have two VMs that were built using the same base image. Both have the same version of PowerShell and both have the same admin user. When I run Add-LocalGroupMember on one I get an the following error:

PS C:\Users\DevTraining> Add-LocalGroupMember -Group "Remote Desktop Users" -Member "Groovy-Ruby"
Add-LocalGroupMember : Object reference not set to an instance of an object.
At line:1 char:1
+ Add-LocalGroupMember -Group "Remote Desktop Users" -Member "Groovy-Ru ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [Add-LocalGroupMember], NullReferenceException
    + FullyQualifiedErrorId : An unspecified error occurred.,Microsoft.PowerShell.Commands.AddLocalGroupMemberCommand

Both machines have ExecutionPolicy set to Unrestricted(for what it's worth). Both have the same system path and PowerShell is installed in the same location. I have tried running it in PowerShell ISE as Administrator. I have also tried running it in a script and the commandline(again FWIW). Surprisingly google as very little pertinent results. Here is the host information:


PS C:\Users\DevTraining> Get-Host


Name             : Windows PowerShell ISE Host
Version          : 5.1.17763.1971
InstanceId       : 74eadbcd-818b-4302-89f6-8cab287a9bd7
UI               : System.Management.Automation.Internal.Host.InternalHostUserInterface
CurrentCulture   : en-US
CurrentUICulture : en-US
PrivateData      : Microsoft.PowerShell.Host.ISE.ISEOptions
DebuggerEnabled  : True
IsRunspacePushed : False
Runspace         : System.Management.Automation.Runspaces.LocalRunspace

Upvotes: 3

Views: 5118

Answers (3)

user445408
user445408

Reputation: 37

In Win11, I'm finding modules like localaccount and winget are part of the filesystem, but not installed. I found localaccount in ProgramData. If you're ever missing a common module, search expected paths. the software 'Everything' was quick.

Import-Module C:\ProgramData\Microsoft\Windows\Containers\BaseImages\fdecccf3-15a6-4430-8295-48864f4ce1ca\BaseLayer\Files\Windows\System32\WindowsPowerShell\v1.0\Modules\Microsoft.PowerShell.LocalAccounts\1.0.0.0\Microsoft.PowerShell.LocalAccounts.psd1

ie) Winget C:\Program Files\WindowsApps\Microsoft.DesktopAppInstaller_1.24.1551.0_x64__8wekyb3d8bbwe

Additionally, I created a script to run after reinstall. It'll create a new admin, remove you from local admin, but add functional groups.

# Removes your account from local admin and adds local group membership.
# Creates new admin account.
# Lists Final Group Membership.

# Local Groups To Add
$MyGroups = @('Network Configuration Operators','Performance Log Users','Performance Monitor Users','Event Log Reader','Users')

# Create New Local Admin
$CreateNewAdmin = Read-Host -Prompt 'Do You Want To Create A New Admin Account?'
Switch ($CreateNewAdmin) {
Y {
if ($CreateNewAdmin -eq "y") {
$CreateNewAdmin = Read-Host 'Enter New Admin Account Name'
$Password = Read-Host -Prompt 'Create Admin Password' -AsSecureString
$params = @{
      Name        = $CreateNewAdmin
      Password    = $Password
}
New-LocalUser @params
Add-LocalGroupMember -Name 'Administrators' -Member $CreateNewAdmin
}
else { }}}


# Remove Your User From Local Admins. 
$RemoveAdmin = Read-Host -Prompt 'Remove Your Account From Local Admins and Add Group Memberships?'
Switch ($RemoveAdmin) {
Y {
if ($RemoveAdmin -eq "y") {
Remove-LocalGroupMember -Name 'Administrators' -Member $env:USERNAME
}
else { }}}

# Add user to local groups. 
foreach ($item in $MyGroups) {
Add-LocalGroupMember -Name $item -Member $env:USERNAME }

# Optional Read, List Final Group Membership
net user $CreateNewAdmin | findstr `* 
net user $env:USERNAME | findstr `*

Upvotes: 0

Christian SOPKAM
Christian SOPKAM

Reputation: 1

J'ai rencontré le même problème en travaillant sur une machine virtuelle w11. Je me.suis rendue compte que c'était parce que le nom de l'ordinateur était le.meme que celui d'un utilisateur. C'est pour ça qu ça ne fonctionnait pas .

Une fois que j'ai changer le nom de l'ordinateur, mon problème était résolu.

Upvotes: 0

Andrew Roberts
Andrew Roberts

Reputation: 744

I got this exception when trying to add a domain group to a local one:

Add-LocalGroupMember -Group "local group" -Member "domain\group"

In my case I was developing on a Hyper-V virtual machine and had just reset to a checkpoint. Trying the net localgroup command from this answer showed me the real error:

"The trust relationship between this workstation and the primary domain failed"

You get this when the cached password used by the computer system account to log in to the domain (distinct from the user account password) expires. In my case this was out of sync as a result of the checkpoint rollback. Consequently, the domain group name cannot be resolved and a null exception occurs.

You can fix this by signing out and back in as the local administrator and running this command in an elevated PowerShell session:

Reset-ComputerMachinePassword -Server DomainControllerNameOrIP -Credential Domain\AdminAccountName

Upvotes: 2

Related Questions