locked
Check Job Title for ADuser, add to respective AD group "Add-ADGroupMember and Log file RRS feed

  • Question

  • I like to Have a Script for checking the AD for users for Job title and add the users to respective Group

    I have tried below group and unable to get the fulfillment. 

    $ExportPath = 'E:\Reports\ADapplication\Addusers_in_Group.txt'
    $OUpath = 'OU=Users,OU=Facility,OU=Entiry,DC=domain,DC=com'
    $group01 = Get-ADGroup "Fac_CONTRACTOR"

    $group02 = Get-ADGroup "Fac_BLFP"

    $group03 = Get-ADGroup "Fac_CONTRACTOR_NONFM"
    $user01 = Get-ADUser -Filter "Title -like '*Fac_CONTRACTOR*'" -Prop Title -SearchBase $OUpath

    $user01 = Get-ADUser -Filter "Title -like '*Fac_BLFP*'" -Prop Title -SearchBase $OUpath

    $user01 = Get-ADUser -Filter "Title -like '*Fac_CONTRACTOR_NONFM*'" -Prop Title -SearchBase $OUpath

    foreach($User in $User01){try {Add-ADGroupMember -Identity $group01  -Members $user | -ErrorAction Stop "$User added to $Group01" | Out-File $ExportPath -Append } catch {"Failed to add $User to $Group01" | Out-File $ExportPath -Append}}  

    foreach($User in $User02){try {Add-ADGroupMember -Identity $group02  -Members $user | -ErrorAction Stop "$User added to $Group02" | Out-File $ExportPath -Append } catch {"Failed to add $User to $Group02" | Out-File $ExportPath -Append}}  

    foreach($User in $User01){try {Add-ADGroupMember -Identity $group03  -Members $user | -ErrorAction Stop "$User added to $Group03" | Out-File $ExportPath -Append } catch {"Failed to add $User to $Group03" | Out-File $ExportPath -Append}}  

    all are getting failed and not able to get the report as already existing on the server.

    Friday, November 2, 2018 7:51 PM

All replies

  • $users = Get-ADUser -Filter "Title -like '*Fac_CONTRACTOR*'" -Prop Title -SearchBase $OUpath
    Add-ADGroupMember -Identity $group01  -Members $users -PassThru
    $users = Get-ADUser -Filter "Title -like '*Fac_BLFP*'" -Prop Title -SearchBase $OUpath
    Add-ADGroupMember -Identity $group02  -Members $users -PassThru
    $users = Get-ADUser -Filter "Title -like '*Fac_CONTRACTOR_NONFM*'" -Prop Title -SearchBase $OUpath
    Add-ADGroupMember -Identity $group03  -Members $users -PassThru

    You will need to manage the errors if you want to do it one-by-one and log the outcome.

    help about_try_catch


    \_(ツ)_/



    • Edited by jrv Friday, November 2, 2018 9:00 PM
    Friday, November 2, 2018 8:55 PM
  • The most likely error might be a user that is already a member of the group. You could filter for users with the title, and also not already members of the group.

    Edit: For example, similar to:

    $users = Get-ADUser -Filter "(Title -like '*Fac_CONTRACTOR*') -And (memberOf -ne $Group01)" -Prop Title -SearchBase $OUpath

    where $Group01 is assumed to be a distinguished name.


    Richard Mueller - MVP Enterprise Mobility (Identity and Access)


    Friday, November 2, 2018 9:43 PM
  • If the code you pasted is exactly what you are running then it has many errors in need of correction.

    $user01 should be $user02 in

    $user01 = Get-ADUser -Filter "Title -like '*Fac_BLFP*'" -Prop Title -SearchBase $OUpath

    $user01 should be $user03 in

    $user01 = Get-ADUser -Filter "Title -like '*Fac_CONTRACTOR_NONFM*'" -Prop Title -SearchBase $OUpath

    your last foreach should take from $user03 instead of $user01

    All your Add-ADGroupMember have an extra pipeline that shouldn't be there, it's the one before ErrorAction.

    If the foreach blocks are meant to be one line each in your ps1 file then you need to separate the statements inside the blocks with a semi-colon.

    Example of how a foreach would look like after fixing:

    foreach($User in $User01){try {Add-ADGroupMember -Identity $group01  -Members $user  -ErrorAction Stop; "$User added to $Group01" | Out-File $ExportPath -Append } catch {"Failed to add $User to $Group01" | Out-File $ExportPath -Append}}  

    You can do away with the semi-colon if you make your foreach take multiple lines like:

    foreach($User in $User01){
     try {
      Add-ADGroupMember -Identity $group01  -Members $user -ErrorAction Stop
      "$User added to $Group01" | Out-File $ExportPath -Append
     }
     catch {
      "Failed to add $User to $Group01" | Out-File $ExportPath -Append
     }
    }  

    Monday, November 5, 2018 8:44 AM
  • If the code you pasted is exactly what you are running then it has many errors in need of correction.

    $user01 should be $user02 in

    $user01 = Get-ADUser -Filter "Title -like '*Fac_BLFP*'" -Prop Title -SearchBase $OUpath

    $user01 should be $user03 in

    $user01 = Get-ADUser -Filter "Title -like '*Fac_CONTRACTOR_NONFM*'" -Prop Title -SearchBase $OUpath

    your last foreach should take from $user03 instead of $user01

    All your Add-ADGroupMember have an extra pipeline that shouldn't be there, it's the one before ErrorAction.

    If the foreach blocks are meant to be one line each in your ps1 file then you need to separate the statements inside the blocks with a semi-colon.

    Example of how a foreach would look like after fixing:

    foreach($User in $User01){try {Add-ADGroupMember -Identity $group01  -Members $user  -ErrorAction Stop; "$User added to $Group01" | Out-File $ExportPath -Append } catch {"Failed to add $User to $Group01" | Out-File $ExportPath -Append}}  

    You can do away with the semi-colon if you make your foreach take multiple lines like:

    foreach($User in $User01){
     try {
      Add-ADGroupMember -Identity $group01  -Members $user -ErrorAction Stop
      "$User added to $Group01" | Out-File $ExportPath -Append
     }
     catch {
      "Failed to add $User to $Group01" | Out-File $ExportPath -Append
     }
    }  

    As I noted above, lines should never be concatenated for a dozen or more reasons.

    See: PowerShell Style Guidelines


    \_(ツ)_/


    • Edited by jrv Monday, November 5, 2018 8:54 AM
    Monday, November 5, 2018 8:49 AM
  • Hi,

    Was your issue resolved?

    If you resolved it using our solution, please "mark it as answer" to help other community members find the helpful reply quickly.

    If you resolve it using your own solution, please share your experience and solution here. It will be very beneficial for other community members who have similar questions.

    If no, please reply and tell us the current situation in order to provide further help.

    Best Regards,

    Lee


    Just do it.

    Tuesday, November 27, 2018 2:03 AM