locked
Adding users to security groups. RRS feed

  • Question

  • HI, im using the following script which I need to add the users to one or more security groups outlined in the csv.

    import-module activedirectory
    $inputFile = Import-CSV  C:\test.csv

    foreach($line in $inputFile)
    {
    new-aduser -SamAccountName $line.UserName -name $line.FullName -AccountPassword (ConvertTo-SecureString -AsPlainText "Password" -Force) -Enabled $true -Path $line.ou -member $line.groups -DisplayName $line.FullName -GivenName $line.FirstName -Surname $line.SurName -UserPrincipalName $line.UserPrincipalName -ChangePasswordAtLogon $False -PasswordNeverExpires:$true
    }

    csv example:

    FirstName,Surname,FullName,UserName,userPrincipalName,password,ou,groups
    James,Smith,James Smith,JSmith,JSmith@jennetts.local,pas567rda,"ou=1,DC=test,dc=local","cn=office,cn=student,DC=test,dc=local"

    Ive tried adding member $line.groups but its not recognizing. Can someone help with either script or csv or both.

    Thanks

    Tom

    Sunday, February 12, 2012 8:50 PM

Answers

  • Hi Tom,

    I don't see member as a parameter for the new-aduser cmdlet?

    You can use the Add-ADGroupMember cmdlet rather:

    -------------------------- EXAMPLE 1 --------------------------

    Command Prompt: C:\PS>
    Add-ADGroupMember SvcAccPSOGroup SQL01,SQL02 
                               

    Adds the user accounts with SamAccountNames SQL01,SQL02 to the group SvcAccPSOGroup.

    http://technet.microsoft.com/en-us/library/ee617210.aspx



    • Edited by W_L_H Sunday, February 12, 2012 9:01 PM
    • Proposed as answer by jrv Sunday, February 12, 2012 9:11 PM
    • Marked as answer by Rich Prescott Sunday, February 19, 2012 5:05 PM
    Sunday, February 12, 2012 8:59 PM
  • There is no -Member parameter for the New-ADUser cmdlet. To add the new user to a group use the Add-ADGroupMember cmdlet. Check the help from Get-Help.


    Richard Mueller - MVP Directory Services

    • Proposed as answer by jrv Sunday, February 12, 2012 9:11 PM
    • Marked as answer by Rich Prescott Sunday, February 19, 2012 5:06 PM
    Sunday, February 12, 2012 8:59 PM

All replies

  • Hi Tom,

    I don't see member as a parameter for the new-aduser cmdlet?

    You can use the Add-ADGroupMember cmdlet rather:

    -------------------------- EXAMPLE 1 --------------------------

    Command Prompt: C:\PS>
    Add-ADGroupMember SvcAccPSOGroup SQL01,SQL02 
                               

    Adds the user accounts with SamAccountNames SQL01,SQL02 to the group SvcAccPSOGroup.

    http://technet.microsoft.com/en-us/library/ee617210.aspx



    • Edited by W_L_H Sunday, February 12, 2012 9:01 PM
    • Proposed as answer by jrv Sunday, February 12, 2012 9:11 PM
    • Marked as answer by Rich Prescott Sunday, February 19, 2012 5:05 PM
    Sunday, February 12, 2012 8:59 PM
  • There is no -Member parameter for the New-ADUser cmdlet. To add the new user to a group use the Add-ADGroupMember cmdlet. Check the help from Get-Help.


    Richard Mueller - MVP Directory Services

    • Proposed as answer by jrv Sunday, February 12, 2012 9:11 PM
    • Marked as answer by Rich Prescott Sunday, February 19, 2012 5:06 PM
    Sunday, February 12, 2012 8:59 PM
  • Pilgrim99,

    Has your question been answered? Do you need more assistance?


    Richard Mueller - MVP Directory Services

    Tuesday, February 14, 2012 4:54 PM
  • There are other issues here.

    THe OP specifies a field in  CSV as 'groups' but the colum shows only one group.  It this is multiple groups then how are the groups delimited.  They cannot be delimited by a comma.  It must be something like a pipe that won't be used in the dn.

    Here is a possible solution assuming the use of a pipe character.

    import-module activedirectory 
    $inputFile = Import-CSV  C:\test.csv
    foreach($line in $inputFile){ 
        New-ADUser `
            -SamAccountName $line.UserName `
            -name $line.FullName `
            -AccountPassword (ConvertTo-SecureString `
            -AsPlainText "Password" `
            -Force `
            -Enabled $true `
            -Path $line.ou `
            -DisplayName $line.FullName `
            -GivenName $line.FirstName `
            -Surname $line.SurName `
            -UserPrincipalName $line.UserPrincipalName `
            -PassThru
        $groups=$line.groups.Split('|')
        foreach($group in $groups){
            Add-ADGroupMember -Identity $group -Member $line.UserName
        }
    }

    Of course trying to paste anything into this edit box while someone is constantly changing the code on these pages has become somewhat of a real challenge.


    ¯\_(ツ)_/¯

    Tuesday, February 14, 2012 5:15 PM
  • jv, I notice your code snippet demonstrates how messed up the PowerShell colorization has become.


    Richard Mueller - MVP Directory Services

    Tuesday, February 14, 2012 5:31 PM
  • jv, I notice your code snippet demonstrates how messed up the PowerShell colorization has become.


    Richard Mueller - MVP Directory Services

    You like that.  I was so impressed taht I wrote a long note to teh Web support team.  Event the support control is now misbehaving in some very interesting ways.  Everything seems to come up centered in teh boxes.

    I suspect someone is trying to convert the site to HTML5 in readiness for the big event in a few months.  I suspect we will suffer much until then.

    Did you notice how the little toolbar icons have turned drap and all appear to be the same.  You have to hover to figure out which one is which. Of course we now have a new one 'Insert Html'

    The ability to insert HTML is part of what is causing formatting problems on the topic page.

    The good news is that teh site has becom much faster and teh code insertion box doesn;t get lost behind the browser anymore.

    Guess I will have to run this forum under IE10 to see if it works coreectly in pure HTML5 CSS3.

    The whole will will turn into a browser by the end of this year. Scary!!!


    ¯\_(ツ)_/¯

    Tuesday, February 14, 2012 5:51 PM