none
Adding Domain Users to Security Groups Using UserPrincipalNames From CSV RRS feed

  • Question

  • Hi,

    I am trying to build a script which will:

    1. Import a CSV. The CSV contains the following data: AD Groups and UserPrincipalNames

    2. UPNs from the UPN column in the CSV will be added to the AD Groups from the Groups column.

    I have the following script at this time but it is showing me errors:

    Import-Module ActiveDirectory
    
    import-csv 'A:\Desktop\Add_UsersToADGroupUsingUPN\AddUsersToGroups.csv' | foreach {
    
    $user = get-aduser -filter 'userprincipalname -eq $_.csv'
    add-adgroupmember -identity $_.groups -members $user.upn $user = $null}

    The following errors appear:

    get-aduser : Property: 'csv' not found in object of type: 'System.Management.Automation.PSCustomObject'.
    At A:\Desktop\Add_UsersToADGroupUsingUPN\AD_UsersToADGroupUsingUPN.ps1:5 char:9
    + $user = get-aduser -filter 'userprincipalname -eq $_.csv'
    +         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidArgument: (:) [Get-ADUser], ArgumentException
        + FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.ArgumentException,Microsoft.ActiveDirectory.Management.Commands.G
       etADUser
    
    Add-ADGroupMember : Cannot validate argument on parameter 'Members'. The argument is null or empty. Provide an argument that
    is not null or empty, and then try the command again.
    At A:\Desktop\Add_UsersToADGroupUsingUPN\AD_UsersToADGroupUsingUPN.ps1:6 char:48
    + add-adgroupmember -identity $_.groups -members $user.upn $user = $nul ...
    +                                                ~~~~~~~~~
        + CategoryInfo          : InvalidData: (:) [Add-ADGroupMember], ParameterBindingValidationException
        + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.AddADGroupMembe
       r
    

    Any suggestions to resolve this problem will be appreciated.

    Respectfully,

    Tuesday, February 16, 2016 6:33 PM

Answers

  • Thanks guys but I created another script which resolved my problem:

    Import-Module ActiveDirectory
    
    $csv = import-csv 'A:\Desktop\Add_UsersToADGroupUsingUPN\AddUsersToGroups.csv'
    
    Foreach ($item in $csv)
    {
    	$upn = $item.upn
    	get-aduser -filter "userprincipalname -eq '$upn'" |
    	% {add-adgroupmember -identity $item.groups -members $_}
    }
    Thanks for your help. 

    • Marked as answer by AquilaXXIII Wednesday, February 17, 2016 9:34 PM
    Wednesday, February 17, 2016 9:34 PM

All replies

  • $user = get-aduser -filter 'userprincipalname -eq $($_.UPN)'
    add-adgroupmember -identity $_.groups -members $user


    \_(ツ)_/


    • Edited by jrv Tuesday, February 16, 2016 6:38 PM
    Tuesday, February 16, 2016 6:37 PM
  • Hi jrv,

    Thanks for your suggestion! But I am now receiving the following errors:

    get-aduser : Cannot process argument because the value of argument "path" is not valid. Change the value of the "path"
    argument and run the operation again.
    At A:\Desktop\Add_UsersToADGroupUsingUPN\Test.ps1:4 char:10
    +     $user = get-aduser -filter 'userprincipalname -eq $($_.upn)'
    +             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (:) [Get-ADUser], PSArgumentException
        + FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.Management.Automation.PSArgumentException,Microsoft.ActiveDirecto
       ry.Management.Commands.GetADUser
    
    Add-ADGroupMember : Cannot validate argument on parameter 'Members'. The argument is null or empty. Provide an argument that
    is not null or empty, and then try the command again.
    At A:\Desktop\Add_UsersToADGroupUsingUPN\Test.ps1:5 char:49
    +     add-adgroupmember -identity $_.groups -members $user}
    +                                                    ~~~~~
        + CategoryInfo          : InvalidData: (:) [Add-ADGroupMember], ParameterBindingValidationException
        + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.AddADGroupMembe
       r
    

    Piping:

    $user = get-aduser -filter 'userprincipalname -eq $($_.upn)' | add-adgroupmember -identity $_.groups -members $user} resolves the get-aduser error but still shows the add-adgroupmember error.

    Any suggestions?

    Thanks in advance!

    Tuesday, February 16, 2016 7:23 PM
  • Use this instead:


    $user = Get-ADUser -LDAPFilter "(userPrincipalName=$($_.upn))"
    


    -- Bill Stewart [Bill_Stewart]

    Tuesday, February 16, 2016 7:37 PM
    Moderator
  • Hi Bill,

    I made the change:

    Import-Module ActiveDirectory
    
    import-csv 'A:\Desktop\Add_UsersToADGroupUsingUPN\AddUsersToGroups.csv' | foreach {
    	$user = get-aduser -ldapfilter '(userprincipalname=$($_.upn))'
    	add-adgroupmember -identity $_.groups -members $user}

    But I am still receiving the following error:

    Add-ADGroupMember : Cannot validate argument on parameter 'Members'. The argument is null or empty. Provide an argument that
    is not null or empty, and then try the command again.
    At A:\Desktop\Add_UsersToADGroupUsingUPN\Test.ps1:5 char:49
    +     add-adgroupmember -identity $_.groups -members $user}
    +                                                    ~~~~~
        + CategoryInfo          : InvalidData: (:) [Add-ADGroupMember], ParameterBindingValidationException
        + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.AddADGroupMembe
       r
    Thanks,

    Tuesday, February 16, 2016 7:57 PM
  • You must use double quotes " not single quotes ' in the command.

    Look carefully at the exact command I posted.


    -- Bill Stewart [Bill_Stewart]

    Tuesday, February 16, 2016 8:01 PM
    Moderator
  • You must use double quotes " not single quotes ' in the command.

    Look carefully at the exact command I posted.


    -- Bill Stewart [Bill_Stewart]

    Correct - I missed that:

    Also we need to prevent nulls:

    import-csv 'A:\Desktop\Add_UsersToADGroupUsingUPN\AddUsersToGroups.csv' | foreach {
    	if($user = get-aduser -ldapfilter "userprincipalname=$($_.upn)"){
    		add-adgroupmember -identity $_.groups -members $user
            }
        }


    \_(ツ)_/

    Tuesday, February 16, 2016 8:14 PM
  • Hi guys,

    I corrected the quotes so the script looks like this:

    Import-Module ActiveDirectory
    
    import-csv 'A:\Desktop\Add_UsersToADGroupUsingUPN\AddUsersToGroups.csv' | foreach {
    	if($user = get-aduser -ldapfilter "userprincipalname=$($_.upn)"){
    		add-adgroupmember -identity $_.groups -members $user
    	}
    }

    But when I run it, nothing happens:

    The UPN in my CSV file (user.name@domain.edu) has not been added to the specified group. The group is entered correctly into the CSV file and so is the e-mail UPN.

    Thanks in advance!

    Tuesday, February 16, 2016 11:10 PM
  • Email is not necessarily a UPN.

    import-csv 'A:\Desktop\Add_UsersToADGroupUsingUPN\AddUsersToGroups.csv' | foreach {
    	if($user = get-aduser -ldapfilter "userprincipalname=$($_.upn)"){
    		add-adgroupmember -identity $_.groups -members $user
    	}else{
                Write-Host 'User not found' -fore red
            }
    }


    \_(ツ)_/


    • Edited by jrv Tuesday, February 16, 2016 11:33 PM
    • Proposed as answer by Mike Crowley Wednesday, February 17, 2016 5:05 AM
    Tuesday, February 16, 2016 11:31 PM
  • The group is entered correctly into the CSV file and so is the e-mail UPN.

    mail and userPrincipalName are two separate attributes.


    -- Bill Stewart [Bill_Stewart]

    Wednesday, February 17, 2016 1:21 PM
    Moderator
  • In our case the user domain e-mail is their UPN.
    Wednesday, February 17, 2016 8:24 PM
  • The code to accomplish your task has already been presented. Did you have another question?

    -- Bill Stewart [Bill_Stewart]

    Wednesday, February 17, 2016 8:36 PM
    Moderator
  • Thanks guys but I created another script which resolved my problem:

    Import-Module ActiveDirectory
    
    $csv = import-csv 'A:\Desktop\Add_UsersToADGroupUsingUPN\AddUsersToGroups.csv'
    
    Foreach ($item in $csv)
    {
    	$upn = $item.upn
    	get-aduser -filter "userprincipalname -eq '$upn'" |
    	% {add-adgroupmember -identity $item.groups -members $_}
    }
    Thanks for your help. 

    • Marked as answer by AquilaXXIII Wednesday, February 17, 2016 9:34 PM
    Wednesday, February 17, 2016 9:34 PM