Share via


Add a Computer Account to a Group

Applies To: Windows Server 2008

Membership in Account Operators, Domain Admins, or Enterprise Admins, or equivalent, is the minimum required to complete this procedure. Review details about using the appropriate accounts and group memberships at Local and Domain Default Groups (https://go.microsoft.com/fwlink/?LinkId=83477).

Adding a computer account to a group

  • Using the Windows interface

  • Using a command line

To add a computer account to a group using the Windows interface

  1. To open Active Directory Users and Computers, click Start, click Control Panel, double-click Administrative Tools, and then double-click Active Directory Users and Computers.

  2. In the console tree, click Computers.

    Where?

    • Active Directory Users and Computers/domain node/Computers

    Or, click the folder in which the computer is located.

  3. In the details pane, right-click the computer, and then click Properties.

  4. On the Member Of tab, click Add.

  5. In Enter the object names to select, type the name of a group that you want this computer to be a member of, and then click OK.

Additional considerations

  • To perform this procedure, you must be a member of the Account Operators group, Domain Admins group, or Enterprise Admins group in Active Directory Domain Services (AD DS), or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure.

  • Another way to open Active Directory Users and Computers is to click Start, click Run, and then type dsa.msc.

  • When you view users, computers, and groups as containers, you can add a computer to a group by dragging it onto the desired group.

  • By adding a computer to a group, you can assign permissions to all the computer accounts in that group and you can filter Group Policy settings on all the accounts in that group.

Additional references

To add a computer account to a group using a command line

  1. To open a command prompt, click Start, click Run, type cmd, and then click OK.

  2. Type the following command, and then press ENTER:

    dsmod group <GroupDN> -addmbr <ComputerDN>
    
Parameter Description

<GroupDN>

Specifies the distinguished names of the group object to which you want to add the computer object.

-addmbr

Sets the <ComputerDN> value.

<ComputerDN>

Specifies the distinguished name of the computer to be added to the group. The distinguished name specifies the directory location.

To view the complete syntax for this command, and for information about entering user account information, at a command prompt, type the following command, and then press ENTER:

dsmod group /?

Additional considerations

  • To perform this procedure, you must be a member of the Account Operators group, Domain Admins group, or Enterprise Admins group in AD DS, or you must have been delegated the appropriate authority. As a security best practice, consider using Run as to perform this procedure.

  • By adding a computer to a group, you can assign permissions to all of the computer accounts in that group and filter Group Policy settings on all accounts in that group.

Additional references