none
simple way of adding user to Active Directory group in powershell

    Question

  • Does anyone know the easiest way of adding a user to an Active Directory group through Powershell. All the examples i have found on the internet seem to be using some powershell addon by Quest software which i dont really want to do ( we are a few IT admins and would prefer to use the basic active directrory module which everyone has ).
    Wednesday, July 27, 2011 6:13 PM

Answers

  • Try this.  Add user name to Users.csv file. Header should be User Name.   Update the group (TestGroup1) with you group name.  

     

    Import-module ActiveDirectory 
    Import-CSV "C:\Users.csv" | % { 
    Add-ADGroupMember -Identity TestGroup1 -Member $_.UserName 
    } 
    

     


    Santhosh Sivarajan | MCTS, MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA, Network+ Houston, TX

    Blogs - http://blogs.sivarajan.com/
    Articles - http://www.sivarajan.com/publications.html
    Twitter: @santhosh_sivara - http://twitter.com/santhosh_sivara
    This posting is provided AS IS with no warranties,and confers no rights.

    Wednesday, July 27, 2011 6:23 PM
  • Import-Module ActiveDirectory
    Add-ADGroupMember -Identity "Group identifier" -Members "one or more users to add"

    Technet reference: 
    http://technet.microsoft.com/en-us/library/ee617210.aspx

    The Add-ADGroupMember cmdlet adds one or more users, groups, service accounts, or computers as new members of an Active Directory group.

    The Identity parameter specifies the Active Directory group that receives the new members. You can identify a group by its distinguished name (DN), GUID, security identifier (SID) or Security Accounts Manager (SAM) account name. You can also specify group object variable, such as $<localGroupObject>, or pass a group object through the pipeline to the Identity parameter. For example, you can use the Get-ADGroup cmdlet to get a group object and then pass the object through the pipeline to the Add-ADGroupMember cmdlet.

    The Members parameter specifies the new members to add to a group. You can identify a new member by its distinguished name (DN), GUID, security identifier (SID) or SAM account name. You can also specify user, computer, and group object variables, such as $<localUserObject>. If you are specifying more than one new member, use a comma-separated list. You cannot pass user, computer, or group objects through the pipeline to this cmdlet. To add user, computer, or group objects to a group by using the pipeline, use the Add-ADPrincipalGroupMembership cmdlet. 

     


    Andreas Hultgren
    MCTS, MCITP
    http://ahultgren.blogspot.com/
    Thursday, July 28, 2011 3:06 PM
  • http://jrich523.wordpress.com/2011/06/01/methods-for-working-with-active-directory-in-powershell/

    that explains your options...


    Justin Rich
    http://jrich523.wordpress.com
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    Wednesday, July 27, 2011 6:23 PM
  • The easiest way (IMHO) is

    net group <groupname> <username> /ADD /DOMAIN

    But that may not be what you're looking for.


    [string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "
    Wednesday, July 27, 2011 6:37 PM
  • In PowerShell I use the [ADSI] accelerator, which requires only PowerShell V1. I use the Add method to add members to a group, and I check with the IsMember method first to make sure the user is not already a member. For example:

     

    $Group = [ADSI]"LDAP://cn=Test Group,ou=West,dc=MyDomain,dc=com"
    $User = [ADSI]"LDAP://cn=Jim Smith,ou=East,dc=MyDomain,dc=com"

    If ($Group.IsMember($User.ADsPath) -eq $False)
    {
        $Group.Add($User.ADsPath)
    }

    -----

     


    Richard Mueller - MVP Directory Services
    Wednesday, July 27, 2011 7:29 PM

All replies

  • http://jrich523.wordpress.com/2011/06/01/methods-for-working-with-active-directory-in-powershell/

    that explains your options...


    Justin Rich
    http://jrich523.wordpress.com
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    Wednesday, July 27, 2011 6:23 PM
  • Try this.  Add user name to Users.csv file. Header should be User Name.   Update the group (TestGroup1) with you group name.  

     

    Import-module ActiveDirectory 
    Import-CSV "C:\Users.csv" | % { 
    Add-ADGroupMember -Identity TestGroup1 -Member $_.UserName 
    } 
    

     


    Santhosh Sivarajan | MCTS, MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA, Network+ Houston, TX

    Blogs - http://blogs.sivarajan.com/
    Articles - http://www.sivarajan.com/publications.html
    Twitter: @santhosh_sivara - http://twitter.com/santhosh_sivara
    This posting is provided AS IS with no warranties,and confers no rights.

    Wednesday, July 27, 2011 6:23 PM
  • The easiest way (IMHO) is

    net group <groupname> <username> /ADD /DOMAIN

    But that may not be what you're looking for.


    [string](0..33|%{[char][int](46+("686552495351636652556262185355647068516270555358646562655775 0645570").substring(($_*2),2))})-replace " "
    Wednesday, July 27, 2011 6:37 PM
  • In PowerShell I use the [ADSI] accelerator, which requires only PowerShell V1. I use the Add method to add members to a group, and I check with the IsMember method first to make sure the user is not already a member. For example:

     

    $Group = [ADSI]"LDAP://cn=Test Group,ou=West,dc=MyDomain,dc=com"
    $User = [ADSI]"LDAP://cn=Jim Smith,ou=East,dc=MyDomain,dc=com"

    If ($Group.IsMember($User.ADsPath) -eq $False)
    {
        $Group.Add($User.ADsPath)
    }

    -----

     


    Richard Mueller - MVP Directory Services
    Wednesday, July 27, 2011 7:29 PM
  • Import-Module ActiveDirectory
    Add-ADGroupMember -Identity "Group identifier" -Members "one or more users to add"

    Technet reference: 
    http://technet.microsoft.com/en-us/library/ee617210.aspx

    The Add-ADGroupMember cmdlet adds one or more users, groups, service accounts, or computers as new members of an Active Directory group.

    The Identity parameter specifies the Active Directory group that receives the new members. You can identify a group by its distinguished name (DN), GUID, security identifier (SID) or Security Accounts Manager (SAM) account name. You can also specify group object variable, such as $<localGroupObject>, or pass a group object through the pipeline to the Identity parameter. For example, you can use the Get-ADGroup cmdlet to get a group object and then pass the object through the pipeline to the Add-ADGroupMember cmdlet.

    The Members parameter specifies the new members to add to a group. You can identify a new member by its distinguished name (DN), GUID, security identifier (SID) or SAM account name. You can also specify user, computer, and group object variables, such as $<localUserObject>. If you are specifying more than one new member, use a comma-separated list. You cannot pass user, computer, or group objects through the pipeline to this cmdlet. To add user, computer, or group objects to a group by using the pipeline, use the Add-ADPrincipalGroupMembership cmdlet. 

     


    Andreas Hultgren
    MCTS, MCITP
    http://ahultgren.blogspot.com/
    Thursday, July 28, 2011 3:06 PM
  • fbinotto.blogspot.com
    Thursday, February 21, 2013 12:37 AM
  • IMO, this is the best way to do it when you have a bunch of users to add. Make sure the header is UserName and not User Name (no space)

    (Yes, I realize this is an old post but it helped me today!)

    Thursday, November 07, 2013 9:18 PM
  • I get the error Cannot validate arguments on parameter 'Members' The argument is null or empty. Is the TestGroup1 supposed to be just the name of the AD group without quotes or is it a fully qualified LDAP to the group?

    

    • Edited by Tashfin Thursday, May 22, 2014 1:57 PM
    Thursday, May 22, 2014 1:55 PM
  • I have no idea which script you're referring to, as there are many options mentioned in this thread.

    You'll get better help by starting your own thread. Make sure you post your code and your errors, but don't post a screenshot. Use the 'Insert Code Block' feature.


    Don't retire TechNet! - (Don't give up yet - 12,830+ strong and growing)

    Thursday, May 22, 2014 2:03 PM
    Moderator
  • And using another domain?. I am in a Forest (

    (Get-ADForest).GlobalCatalogs

    )

    www.kiquenet.com/profesional

    Wednesday, April 29, 2015 10:46 AM
  • If ($Group.IsMember($User.ADsPath) -eq $False)

    how use it with ActiveDirectory module and powershell 3.0 and 4.0 ?


    www.kiquenet.com/profesional

    Wednesday, April 29, 2015 10:47 AM
  • If ($Group.IsMember($User.ADsPath) -eq $False)

    how use it with ActiveDirectory module and powershell 3.0 and 4.0 ?


    www.kiquenet.com/profesional

    Please start your own thread.


    Don't retire TechNet! - (Don't give up yet - 13,225+ strong and growing)

    Wednesday, April 29, 2015 12:44 PM
    Moderator