none
Assign Active Directory groups to the local admin groups on server 2012 R2 using GPO

    Question

  • Hi,

    Is it possible to assign/push Active Directory groups to the local admin groups on server 2012 R2 using GPO? If so, how would that be done?  Thanks.

    Mitch

    Tuesday, February 07, 2017 12:46 PM

All replies

  • Sure!  Open up one of your domain GPO's (or create a new one), and go to

    Computer Configuration

        - Policies

           - Windows Settings

                  - Security Settings

                       - Restricted Groups

    Right click in the empty pane and click Add Group.  Type in Administrators and click OK.

    Then add whatever AD objects you see fit. Click Ok, Apply, etc, and apply it to whatever OU you need.

    • Proposed as answer by SYN_ACK_87 Tuesday, February 07, 2017 12:55 PM
    Tuesday, February 07, 2017 12:55 PM
  • Dear,

    Yes we can assign active directory groups to local admin groups of a member server.

    we can do it in two ways in GPO.

    Method 1 :- Using the restricted groups under the path Computer Configuration\policies\windows settings\security Settings

    Method 2:- Computer Configuration\Preferences\Control Panel\Local Users and Groups.

    Syed.


    Thanks Syed Abdul Kadar M. Dont forget to mark as Answered if you found this post helpful.

    Tuesday, February 07, 2017 12:58 PM
  • After adding the AD objects through your process in the GPO, how do you assign it to the particular member servers Local Admin group?
    Tuesday, February 07, 2017 7:31 PM
  • After adding the AD objects through your process in the GPO, how do you assign it to the particular member servers Local Admin group?
    That's done through the main window of the Group Policy Management console.  Find the OU where your member servers reside, right click it, and click Link Existing GPO.  Just select whatever the GPO you created is called. You'll have to reboot the servers for it to take effect.
    Tuesday, February 07, 2017 8:33 PM
  • Hi,
    Here is an article about GPO, you could refer to it for more details regarding to create GPO, link GPO and refresh it step by step, it could help you finish to push GPO to member servers:
    https://technet.microsoft.com/en-us/library/hh147307(v=ws.10).aspx
    Best regards,
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Wednesday, February 08, 2017 7:42 AM
    Moderator
  • Hi,

    Just checking in to see if the information provided was helpful. And if the replies as above are helpful, we would appreciate you to mark them as answers, please let us know if you would like further assistance.

    Best Regards,

    Wendy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, February 13, 2017 9:39 AM
    Moderator