locked
Add user to several groups at one time RRS feed

  • Question

  • When I get a new user I would like to add them to several distribution lists at the same time.  It seems like you could use EMC to select multiple DLs and add a user as a member and it would make that person a member of all the groups, however this doesn't work. 

    I know you can add multiple members to a single group with Add-DistributionGroupMember, but not the other way.

    Anyone have this issue - copying an existing user only works from one of my domains, the other domain doesn't work because replication has to take place first.

    thanks

    Dave

    Thursday, January 26, 2012 12:40 AM

Answers

  • If you want to save the following as a .ps1 file (I had it named as Add-DLUsers.ps1, but call it anything you want):

    if ((Get-Module -Name ActiveDirectory) -eq $nul) { Import-Module ActiveDirectory }
    
    $oGroups = ('dlA', 'dlB', 'dlC', 'dlD')
    $oUsers = ('userA', 'userB', 'userC')
    
    foreach ($oGroup in $oGroups) {
      Add-ADGroupMember -Identity $oGroup -Members $oUsers
    }
    

    Of course, for a script this small you don't need to save it at all. You could just execute is straight from the Powershell command line. The last three lines would simply become one line, like:

    foreach ($oGroup in $oGroups) { Add-ADGroupMember -Identity $oGroup -Members $oUsers }
    

    Cheers,
    Lain

    • Marked as answer by McCue Thursday, January 26, 2012 10:47 PM
    Thursday, January 26, 2012 3:43 AM

All replies

  • Hi Dave,

    If you wanted to use a GUI, then you could use Active Directory Users and Computers for this. Just open the user's property sheet and add them to multiple distribution lists (since they're just universal groups in reality).

    Cheers,
    Lain

    Thursday, January 26, 2012 1:46 AM
  • Thanks Lain,

    Unfortunately the Users (parent) are in a different domain from distribution lists (child) so they names of the lists won't resolve when I try to add them. 

    I also tried multiples of -Identity in Add-DistributionGroupMember and it couldn't handle the array.

    Thursday, January 26, 2012 1:57 AM
  • Hi Dave,

    That's kind of weird that you can't resolve names irrespective of the direction, as by default there's an implicit two-way transitive trust between a parent and child domain.

    When you're in the Member Of tab trying to add the users, if you hit the Location button, does the parent and child structure not show? If you select the parent structure in the Location dialog yet can't resolve the usernames then that suggests the trust side of things has been redefined. But that doesn't make sense since if that were true, you wouldn't be able to add accounts, period - no matter what mechanic you used: ADUC, EMC, AD Powershell, etc.

    ADUC is funny insofar as you can't just type in the UPN or NT4-style domain\username that refers to a different domain and have it resolve. You've actually got to change the Location focus.

    Mind you, this can still be done with Powershell (be that EMC or AD Powershell) quite readily. I'll knock something up quickly and post it - unless someone else does the same first.

    Cheers,
    Lain

    Thursday, January 26, 2012 3:25 AM
  • If you want to save the following as a .ps1 file (I had it named as Add-DLUsers.ps1, but call it anything you want):

    if ((Get-Module -Name ActiveDirectory) -eq $nul) { Import-Module ActiveDirectory }
    
    $oGroups = ('dlA', 'dlB', 'dlC', 'dlD')
    $oUsers = ('userA', 'userB', 'userC')
    
    foreach ($oGroup in $oGroups) {
      Add-ADGroupMember -Identity $oGroup -Members $oUsers
    }
    

    Of course, for a script this small you don't need to save it at all. You could just execute is straight from the Powershell command line. The last three lines would simply become one line, like:

    foreach ($oGroup in $oGroups) { Add-ADGroupMember -Identity $oGroup -Members $oUsers }
    

    Cheers,
    Lain

    • Marked as answer by McCue Thursday, January 26, 2012 10:47 PM
    Thursday, January 26, 2012 3:43 AM
  • Hi Lain, Sorry for the delay in replying, I could see you were on the right track and wanted to try it before I responded.  I modified your script a little and got it to work nicely as a .ps1 script.

    $oGroups = ('DL1', 'DL1', 'DL3')
    $oUsers = ('username')

    foreach ($oGroup in $oGroups)
    {
      Add-DistributionGroupMember -Identity $oGroup -Member $oUsers
      Write-Host $oUsers "is added to DL:" $oGroup
    }

    I'm thinking that since it is usually the same groups but a different user that it would be great to include a command line parameter for the user.  An example: "Add-DLUsers.ps1 username".  Do you think it would be best to use $args[0] or Param($oUsers) in the script file?

    Thank you very much Lain. 

    Dave

     

    Thursday, January 26, 2012 8:40 PM
  • Hi Lain,

    I refined it a little more to give me something a little more user friendly.  I'm posting it in hope that it helps someone else.  So I saved this to a .ps1 file which prompts for the username/alias of the person to be added to these email distribution lists.  I couldn't have done it without your help and some extra information from this link: http://social.technet.microsoft.com/Forums/en-CA/winserverpowershell/thread/c5c8a49e-c3e1-4cfe-bf4c-8abd1b97bbd0 .

    param(
     [string] $ousers = $(Read-Host -prompt "Username for Distribution Lists"))

    $oGroups = ('List1', 'List2', 'List3')

    foreach ($oGroup in $oGroups)
    {
      Add-DistributionGroupMember -Identity $oGroup -Member $oUsers
      Write-Host $oUsers "is added to DL:" $oGroup
    }

     

    Have a great day.

    Dave


    • Edited by McCue Thursday, January 26, 2012 10:50 PM removed comments
    Thursday, January 26, 2012 10:46 PM