Adding new users to groups from template users.

  • Question

  • Hi,

    I've got a script from the repository to add users to Active Directory. I changed a few things to meet my needs and everything is working fine.

    However, now I want to add the new users to groups as well. Because users from different departments are members of many different groups, I'm creating disabled template users that are members of those groups.

    So far everything is good, but when I run the script only the last user in the CSV list gets added to groups, all the other users don't become members of any group. 

    This is my csv

    firstname,lastname,mailgroep
    John,Doe,a.verms,custeromer-service
    Nick,Donk,k.ten,marketing
    Jack,Srappow,b,fellows,warehouse


    and the script

    $Users = Import-CSV -Path "C:\scripts\test1.CSV"

    $a = 1
    $b = 1
    $failedUsers = @()
    $usersAlreadyExist = @()
    $successUsers = @()
    $VerbosePreference = "Continue"
    $LogFolder = "$env:userprofile\desktop\logs"

    ForEach ($User in $Users)
    {
        $FullName = $User.Firstname + " " + $User.Lastname
        # sAMAccountName: first initial + "." + last name, lower case
        $SAM = $User.FirstName.Substring(0,1) + "." + $User.LastName
        $SAM = $SAM.ToLower()
        $UPN = $SAM + "@mos.local"
        # Same initial password for every account; the user must change it at first logon
        $Password = (ConvertTo-SecureString -AsPlainText 't3stp@ss!' -Force)
        $OU = "OU=Templates,OU=Users,OU=MyBusiness,DC=DDD,DC=local"

        try {
            if (!(Get-ADUser -Filter {samaccountname -eq "$SAM"})) {
                $Parameters = @{
                    'SamAccountName'        = $SAM
                    'UserPrincipalName'     = $UPN
                    'Name'                  = $FullName
                    'displayname'           = $User.firstname + " " + $User.lastname + "` | TestComp"
                    'GivenName'             = $User.firstname
                    'Surname'               = $User.lastname
                    'AccountPassword'       = $Password
                    'ChangePasswordAtLogon' = $true
                    'Enabled'               = $true
                    'Path'                  = $OU
                }
                # Create only inside the if, so an existing account is never re-created from stale $Parameters
                New-ADUser @Parameters
                Write-Verbose "[PASS] Created $FullName under $OU"
                $successUsers += $FullName + "," + $SAM
            }
            else {
                $usersAlreadyExist += $FullName + "," + $SAM
            }
        }
        catch {
            Write-Warning "[ERROR]Can't create user [$($FullName)] : $_"
            $failedUsers += $FullName + "," + $SAM + "," + $_
        }
    }   # the ForEach loop ends here

    # This block sits after the loop, so it runs once, with $User and $SAM still set to the last CSV row
    if ($User.mailgroep)
    {
        # Groups the template user (named in the mailgroep column) belongs to
        $Groups = (Get-AdUser $User.mailgroep -Properties MemberOf).MemberOf

        foreach ($Group in $Groups)
        {
            Add-ADGroupMember -Identity $Group -Members $SAM
        }
    }

    if (!(Test-Path $LogFolder)) {
        Write-Verbose "Folder [$($LogFolder)] does not exist, creating"
        New-Item $LogFolder -Type Directory -Force
    }

    Write-Verbose "Writing logs"
    $failedUsers | ForEach-Object {"$($b).) $($_)"; $b++} | Out-File -FilePath $LogFolder\FailedUsers.log -Force -Verbose
    $successUsers | ForEach-Object {"$($a).) $($_)"; $a++} | Out-File -FilePath $LogFolder\successUsers.log -Force -Verbose

    $su = (Get-Content "$LogFolder\successUsers.log").count
    $fu = (Get-Content "$LogFolder\FailedUsers.log").count

    Write-Host "Created $su Users Successfully, and $fu Users Creation Failed Look at Logs under $LogFolder" -ForegroundColor Yellow

    So, it only adds the last user of the CSV to groups, not the other users. Also, if you see any other useless or strange things in the script, please tell me what it is and how it can be done better.




    • Edited by Ivan-sp Tuesday, January 30, 2018 2:07 PM
    Tuesday, January 30, 2018 1:49 PM

Answers

  • Hi,

    You must add the user to the groups in the user creation block.

    Check this

    $Users = Import-CSV -Path "C:\scripts\test1.CSV"

    $a = 1
    $b = 1
    $failedUsers = @()
    $usersAlreadyExist = @()
    $successUsers = @()
    $VerbosePreference = "Continue"
    $LogFolder = "$env:userprofile\desktop\logs"

    ForEach ($User in $Users)
    {
        $FullName = $User.Firstname + " " + $User.Lastname
        # sAMAccountName: first initial + "." + last name, lower case
        $SAM = $User.FirstName.Substring(0,1) + "." + $User.LastName
        $SAM = $SAM.ToLower()
        $UPN = $SAM + "@mos.local"
        # Same initial password for every account; the user must change it at first logon
        $Password = (ConvertTo-SecureString -AsPlainText 't3stp@ss!' -Force)
        $OU = "OU=Templates,OU=Users,OU=MyBusiness,DC=DDD,DC=local"

        try {
            if (!(Get-ADUser -Filter {samaccountname -eq "$SAM"})) {
                $Parameters = @{
                    'SamAccountName'        = $SAM
                    'UserPrincipalName'     = $UPN
                    'Name'                  = $FullName
                    'displayname'           = $User.firstname + " " + $User.lastname + "` | TestComp"
                    'GivenName'             = $User.firstname
                    'Surname'               = $User.lastname
                    'AccountPassword'       = $Password
                    'ChangePasswordAtLogon' = $true
                    'Enabled'               = $true
                    'Path'                  = $OU
                }
                # Create only inside the if, so an existing account is never re-created from stale $Parameters
                New-ADUser @Parameters
                Write-Verbose "[PASS] Created $FullName under $OU"
                $successUsers += $FullName + "," + $SAM
            }
            else {
                $usersAlreadyExist += $FullName + "," + $SAM
            }
        }
        catch {
            Write-Warning "[ERROR]Can't create user [$($FullName)] : $_"
            $failedUsers += $FullName + "," + $SAM + "," + $_
        }

        # The group copy is now inside the loop, so it runs once per CSV row
        if ($User.mailgroep)
        {
            # Groups the template user (named in the mailgroep column) belongs to
            $Groups = (Get-AdUser $User.mailgroep -Properties MemberOf).MemberOf

            foreach ($Group in $Groups)
            {
                Add-ADGroupMember -Identity $Group -Members $SAM
            }
        }
    }

    if (!(Test-Path $LogFolder)) {
        Write-Verbose "Folder [$($LogFolder)] does not exist, creating"
        New-Item $LogFolder -Type Directory -Force
    }

    • Marked as answer by Ivan-sp Tuesday, January 30, 2018 2:16 PM
    Tuesday, January 30, 2018 2:10 PM
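
The accepted script copies every group of whichever account the CSV's mailgroep column names, so the CSV alone decides which memberships a new user receives. The following is an added example, not code from the thread, that checks the template and filters its groups before anything is passed to Add-ADGroupMember. The function name Get-CopyableGroups, the template OU, the deny list and the sample object (a constructed stand-in for the Get-ADUser result) are all assumptions.

```powershell
# Added example (not from the thread). Get-CopyableGroups, $TemplateOU and
# $DenyList are hypothetical names; the sample template object is constructed.
function Get-CopyableGroups {
    param(
        [Parameter(Mandatory)] $Template,            # result of Get-ADUser ... -Properties MemberOf
        [Parameter(Mandatory)] [string] $TemplateOU, # assumed OU reserved for template accounts
        [string[]] $DenyList = @('Domain Admins', 'Enterprise Admins',
                                 'Schema Admins', 'Administrators')
    )
    # Refuse to clone from an account outside the template OU, so a CSV row
    # cannot name an arbitrary (for example administrative) user as its template.
    $suffix = ",$TemplateOU"
    if (-not $Template.DistinguishedName.EndsWith($suffix, [StringComparison]::OrdinalIgnoreCase)) {
        throw "Template '$($Template.SamAccountName)' is not under $TemplateOU"
    }
    # The thread's templates are disabled accounts; an enabled one is not a template.
    if ($Template.Enabled) {
        throw "Template '$($Template.SamAccountName)' is an enabled account"
    }
    foreach ($dn in $Template.MemberOf) {
        # First RDN of the group DN: CN=Marketing,OU=... -> Marketing
        $cn = ($dn -split '(?<!\\),')[0] -replace '^CN=', ''
        if ($DenyList -contains $cn) {
            Write-Warning "Skipping privileged group '$cn' found on template '$($Template.SamAccountName)'"
        }
        else {
            $dn   # emit the DN; the caller pipes it to Add-ADGroupMember
        }
    }
}

# Constructed sample standing in for:
#   Get-ADUser $User.mailgroep -Properties MemberOf
$templateOU = 'OU=Templates,DC=example,DC=local'
$template = [pscustomobject]@{
    SamAccountName    = 'k.ten'
    Enabled           = $false
    DistinguishedName = "CN=K Ten,$templateOU"
    MemberOf          = @('CN=Marketing,OU=Groups,DC=example,DC=local',
                          'CN=Domain Admins,CN=Users,DC=example,DC=local')
}
Get-CopyableGroups -Template $template -TemplateOU $templateOU
```

In the loop, the result replaces `$Groups`: pipe it to `ForEach-Object { Add-ADGroupMember -Identity $_ -Members $SAM }`.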

All replies

  • Hello,

    Should this

    $Groups = (Get-AdUser $User.mailgroep -Properties MemberOf).MemberOf

    be that?

    $Groups = (Get-AdGroup $User.mailgroep -Properties MemberOf).MemberOf

    Get-ADGroup instead of Get-ADUser

    Tuesday, January 30, 2018 1:57 PM
  • That did it, thank you a lot.

    Tuesday, January 30, 2018 2:20 PM