Wednesday, 14 May 2014

Add AD Group Members using PowerShell

In this article, I am going to write PowerShell script samples to add members to an Active Directory group, to add group members by importing members from other AD groups, and to add AD security group members from a CSV file.
You can add group members by using the Active Directory PowerShell cmdlet Add-ADGroupMember.
Add-ADGroupMember [-Identity] <ADGroup> [-Members] <ADPrincipal[]>
The Identity parameter specifies the Active Directory group that receives the new members. You can identify a group by its distinguished name (DN), GUID, SID or SamAccountName.

The Members parameter specifies the new members to add to a group. You can identify a new member by its distinguished name (DN), GUID, SID or SamAccountName.

Add AD Group members using Powershell

Add user accounts to AD Group by samAccountName:
Import-Module ActiveDirectory
Add-ADGroupMember "Domain Admins" "MorganTest1","MorganTest2";
Add AD Group members by distinguished name (DN):
Import-Module ActiveDirectory
Add-ADGroupMember "Domain Admins" "CN=MorganTest1,OU=London,DC=TestDomain,DC=local";

Add members by importing members from other Group

By using the above examples, you can easily add members to an AD group. Granting and changing permissions on AD security objects is inevitable in this dynamic world, so in some cases you may need to add new group members by importing members from another existing Active Directory group. Use the PowerShell script below to do this.

Steps to import existing group members into another AD group:
   1. Copy the PowerShell script below and paste it into a Notepad file.
   2. Change the values of the variables $existingGroup and $newGroup to your own AD groups: the group whose members you want to import and the group you want to add them to.
   3. Save the Notepad file with the extension .ps1, for example Import-Add-Group-Members.ps1

Powershell script file: Download Import-Add-Group-Members.ps1
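Import-Module ActiveDirectory
# Source group to read members from, and target group to add them to
$existingGroup = "Domain Admins"
$newGroup = "Powershell Admins"
# Get-ADGroupMember returns the group's direct members (users, groups and computers)
Get-ADGroupMember $existingGroup | ForEach-Object {
    $samAccountName = $_.SamAccountName
    Add-ADGroupMember $newGroup $samAccountName
    Write-Host "- $samAccountName added to $newGroup"
}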
   4. Now run the file Import-Add-Group-Members.ps1 from PowerShell to import the members of the existing AD group and add them as members of the other AD group.
PS C:\Scripts> .\Import-Add-Group-Members.ps1

Add members to AD Group by importing members from CSV

   1. Consider the CSV file Users.csv, which contains the set of Active Directory users to add as members of the AD group, identified by the attribute samAccountName.

   2. Copy the PowerShell script below and paste it into a Notepad file.
   3. Change the Users.csv file path to your own CSV file path.
   4. Save the Notepad file with the extension .ps1, for example Import-AD-Group-Members-From-CSV.ps1

Powershell script file: Download Import-AD-Group-Members-From-CSV.ps1
Import-Module ActiveDirectory
# Target group that receives the members listed in the CSV
$adGroup = "Powershell Admins"
# The CSV must have a column named samAccountName
Import-Csv "C:\Scripts\Users.csv" | ForEach-Object {
    $samAccountName = $_.samAccountName
    Add-ADGroupMember $adGroup $samAccountName
    Write-Host "- $samAccountName added to $adGroup"
}
   5. Now run the file Import-AD-Group-Members-From-CSV.ps1 from PowerShell to import the Active Directory users in bulk from the CSV and add them as members of the AD security group.
PS C:\Scripts>  .\Import-AD-Group-Members-From-CSV.ps1

Note: I have placed the script file in the location C:\Scripts. If you placed it in any other location, you can navigate to that path using the cd path command (like cd "C:\Downloads").
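
A more defensive version of the CSV import above, added here as an example and not the original author's script: it resolves the group and each user before changing anything, skips accounts that are already members, supports -WhatIf, and writes a result file for audit. The parameter names and the result-file path are assumptions made for this example.

```powershell
# Added example (not the article's script). $CsvPath, $GroupName and the
# ".result.csv" output path are hypothetical names chosen for illustration.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$CsvPath   = 'C:\Scripts\Users.csv',   # CSV path used in the article
    [string]$GroupName = 'Powershell Admins'       # target group used in the article
)

Import-Module ActiveDirectory

# Resolve the target group once; stop immediately if it does not exist.
$group = Get-ADGroup -Identity $GroupName -ErrorAction Stop

# Direct members already in the group, so duplicates can be skipped.
$current = @(Get-ADGroupMember -Identity $group |
             Select-Object -ExpandProperty SamAccountName)

$results = foreach ($row in Import-Csv -Path $CsvPath) {
    $sam = "$($row.samAccountName)".Trim()
    if (-not $sam) { continue }                    # ignore blank rows

    $status = 'Added'
    try {
        # Get-ADUser only matches user objects, so a group or computer
        # name that slipped into the CSV is reported as a failure.
        $user = Get-ADUser -Identity $sam -ErrorAction Stop

        if ($current -contains $user.SamAccountName) {
            $status = 'AlreadyMember'
        }
        elseif ($PSCmdlet.ShouldProcess($group.DistinguishedName, "Add member $sam")) {
            Add-ADGroupMember -Identity $group -Members $user -ErrorAction Stop
        }
        else {
            $status = 'NotChanged'                 # -WhatIf or declined -Confirm
        }
    }
    catch {
        $status = "Failed: $($_.Exception.Message)"
    }

    # One record per CSV row: who, which group, what happened, when.
    [pscustomobject]@{
        SamAccountName = $sam; Group = $group.Name; Status = $status; Time = Get-Date
    }
}

$results | Format-Table -AutoSize
$results | Export-Csv -Path "$CsvPath.result.csv" -NoTypeInformation
```

Saved as a .ps1 file, the script can first be run with -WhatIf to list the memberships it would add without changing the group.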


Thanks,
Morgan
Software Developer


3 comments:

  1. Hi Morgan, thanks for the article

    Trying to add users from csv to AD. I am using distinguished names to usernames in the csv and I keep getting this error

    Add-ADGroupMember : Cannot find an object with identity: 'CN=rcmex,OU=xyUsers,DC=ad3,DC=XYZ,DC=com' under: 'DC=ou,DC=ad3,DC=XYZ,DC=com'.

    From my understanding users are in a different domain and groups are in a different domain (sub OU). I tried different options, was able to add users from one group to another in the same OU, able to add users locally defined (in Root OU - ou.ad3.xyz.com). I am new to this AD and PowerShell. Can you share your ideas? Appreciate any help

    1. Hi Ramii, can you try to use distinguished name for group also?

  2. Thanks Morgan, was able to resolve it, by getting group and user properties separately and then adding to group

    $DomainGroupDN = Get-ADGroup -Identity $GroupName -Server ou.ad3.abc.com
    $SamDN = Get-ADUser $Member -Server ad3.abc.com
    Add-ADGroupMember $DomainGroupDN -Server ou.ad3.abc.com -Members $SamDN

