Local Security IP - Add Group to Local Group

Feb 28, 2013 at 4:17 PM
Hello,

Would it be possible to add an activity like "Add Group to Local Group"? This way we could easily add Domain Groups to the local Administrators group for example, without having to use cmd line.

I tried the Add User To Local Group activity, but while it works fine for user accounts it ignore groups.

Thanks,
Adam
Mar 13, 2013 at 4:47 PM
Hey Adam,

Sorry for the delay! This code has actually been in the integration pack for some time I just never actually created an object for it! I will update the OIP and release it out for you now!

http://scorch.codeplex.com/SourceControl/changeset/view/27572#173621

IP Updated
http://scorch.codeplex.com/releases/view/74832

-Ryan
Mar 14, 2013 at 3:45 PM
Thank you for updating this with the added Activity. Two things though:

1) There is no Security tab for the new Activity, so either the Orchestrator service account needs admin rights on the target server(s), or you have to Invoke it in a Child Runbook.
2) Not sure if this was intentional or not, but the IP is showing up in the Designer under the label "SCORCH DEV - Local Computer Security"

Adam
Mar 14, 2013 at 3:50 PM
Hey Adam,

When we migrated to Orchestrator we updated the integration packs from this project to all start with SCORCH Dev so people could easily identify where they came from, it shouldn't change any functionality. The 'Security Tab' is not something that we can implement in integration packs that are created with OIT (Orchestrator Integration Toolkit) it can only be implemented in 'Native' integration packs (which are largely being depricated). That being said, I will get a new revision out here shortly that will allow you to pass alternate credentials for the connection, stay tuned!

-Ryan
Mar 14, 2013 at 6:01 PM
Updated the IP to allow for alternate connection credentials, new version is v1.5, check it out and let me know if it works for your scenario

http://scorch.codeplex.com/releases/view/74832
Jun 1, 2013 at 2:52 AM
Ryan,

I am having a challenge getting the "Add Domain Group to Local Computer" activity to work.

How should I specify the various options:
Computer Name
Local Group Name
Domain Group Name
Domain

Do I need to use the LDAP formats? Can I just use the NetBIOS name of the computer?

Owen
Jan 5, 2016 at 7:04 PM
Edited Jan 5, 2016 at 7:22 PM
I successfully got it working using FQDN of computer name and the display name of the AD group. Did not try NetBIOS name.