Adding new user to admin in roaming user profile

A very specific question!

When you add a new user to the Administrators group in a Roaming User Profile (RUP) environment, you need to ensure that the changes are propagated to all machines that the user will be logging into. Here's a step-by-step guide to help you achieve this:

Prerequisites:

  1. The user account is already created in Active Directory (AD).
  2. The RUP is configured and working correctly.

Step 1: Add the user to the Administrators group

  1. Open the Active Directory Users and Computers console (dsa.msc).
  2. Navigate to the OU where the user account is located.
  3. Right-click on the user account and select "Properties".
  4. In the "Member Of" tab, click "Add" and select "Administrators".
  5. Click "OK" to close the properties window.

Step 2: Update the RUP

  1. Open the Group Policy Editor (gpedit.msc) on a machine that is part of the RUP.
  2. Navigate to "Computer Configuration" > "Policies" > "Administrative Templates" > "System" > "Group Policy".
  3. Enable the policy "User Group Policy Loopback Processing Mode" and set it to "Merge".
  4. Create a new Group Policy Object (GPO) or edit an existing one.
  5. Navigate to "User Configuration" > "Policies" > "Windows Settings" > "Security Settings" > "Local Policies" > "User Rights Assignment".
  6. Find the policy "Add user to administrators group" and edit it.
  7. Add the new user account to the list of users who are allowed to be added to the Administrators group.

Step 3: Apply the GPO

  1. Link the GPO to the OU where the user account is located.
  2. Wait for the GPO to be applied to all machines in the OU (this may take some time, depending on the GPO refresh interval).

Step 4: Verify the changes

  1. Log off and log back in to a machine that is part of the RUP.
  2. Open the Computer Management console (compmgmt.msc).
  3. Navigate to "Local Users and Groups" > "Groups" > "Administrators".
  4. Verify that the new user account is a member of the Administrators group.

By following these steps, you should be able to add a new user to the Administrators group in a Roaming User Profile environment and have the changes propagated to all machines that the user will be logging into.