Tuesday, 28 January 2014

Making user object set in ManagedBy attribute a local administrator via GPP

The original post can be found here. I'm just re-posting it because it is a really flexible and neat way of making a user a local administrator of a computer simply by setting that user in the ManagedBy attribute of the computer object in AD. I will try to make this post more detailed than the original as well. All credit to WIDSNET.COM for the original post.

So let's get started.

Open GPMC, right-click the GPO you want to add the new settings to and click Edit.



Now expand Computer Configuration > Preferences > Control Panel Settings, right-click Local Users and Groups and select New > Local Group.




Leave the action as Update. In the Group name drop-down select Administrators (built-in). Now click Add and in the member textbox type %managedByUser%. Click OK.



Next click on the Common tab, tick the Item-Level targeting box and click on Targeting...



Click on New Item > LDAP Query.



In the Filter textbox type:

(&(objectCategory=computer)(objectClass=computer)(cn=%ComputerName%))

In the Attribute textbox type:

managedBy


In the Environment variable name textbox type:

managedBy




Now click on New Item again and click on LDAP query.


In the Filter textbox type:

(&(objectCategory=user)(objectClass=user)(distinguishedName=%managedBy%))

In the Attribute textbox type:

sAMAccountName


In the Environment variable name textbox type:

managedByUser



Click on OK twice.

Now, in Active Directory Users and Computers, right-click a computer object that the GPO applies to and click Properties.



Click on the Managed By tab, click on Change, type the user you want to be an admin of this computer and click on OK twice.


That is it! Now log in to the computer with the user account you just added and it should be a member of the local administrators group.
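To confirm the setup works end to end, here is a verification script added to this post (it is not part of the original post). It re-runs on the target computer the same two lookups that the item-level targeting performs (computer > managedBy DN > sAMAccountName) and then checks the local Administrators group, matching on SID so the domain prefix does not matter. It assumes the RSAT ActiveDirectory module is installed and PowerShell 5.1 or later (for Get-LocalGroupMember).

```powershell
# Added verification script, not from the original post.
# Assumes: RSAT ActiveDirectory module, PowerShell 5.1+, run on the target computer.
Import-Module ActiveDirectory

# Step 1: same as the first LDAP query in the GPO: computer object -> managedBy (a DN)
$computer = Get-ADComputer -Identity $env:COMPUTERNAME -Properties managedBy
if (-not $computer.managedBy) {
    Write-Output "ManagedBy is empty on $env:COMPUTERNAME; the GPP item will not apply here."
    return
}

# Step 2: same as the second LDAP query: DN -> sAMAccountName.
# That filter requires objectClass=user, so if Managed By points to a group,
# %managedByUser% is never resolved and nothing is added to Administrators.
$manager = Get-ADObject -Identity $computer.managedBy -Properties sAMAccountName, objectClass, objectSid
if ($manager.objectClass -ne 'user') {
    Write-Output "ManagedBy points to a '$($manager.objectClass)', not a user; the targeting filter will not match."
    return
}

# Step 3: check the local Administrators group for that account by SID.
$match = Get-LocalGroupMember -Group 'Administrators' |
    Where-Object { $_.SID -eq $manager.objectSid }

if ($match) {
    Write-Output "$($manager.sAMAccountName) is a local administrator, as set by the GPP."
} else {
    Write-Output "$($manager.sAMAccountName) is NOT in local Administrators yet; run 'gpupdate /force' and re-check."
}
```

Because the GPP grants membership to whichever user is in Managed By, write access to the managedBy attribute on a computer object is equivalent to local administrator rights on that computer, so the delegation of that attribute is worth reviewing.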
