Ad group consolidation problem with Powershell...

  • Question

  • I have a top level group in a Windows 2008 domain.  For this discussion, I'll call it Sales.  That group has several sub-groups.  We'll call them Sales-North, Sales-South, Sales-East, and Sales-West. We have decided that we no longer need the North, South, East, and West groups and wish to consolidate all the users in those groups up to the top level Sales group.  I'm new to PowerShell, and while I could do this in the GUI, I wanted to do it in PowerShell to strengthen my grasp of the product.  Here's what I tried.

    Get-ADGroupMember Sales-North | Add-ADPrincipalGroupMembership -Memberof "Sales"

    When I run this, I get a warning that it cannot add a member to the "Sales" group because the member already exists.  From what I can tell, this is because the group Sales-North is a member of the Sales group and therefore the users in Sales-North are implicitly members of the Sales group.  In this example I only got one error, and no users were added to the top group.

    So, then I tried this:

    $members = Get-ADGroupMember "Sales-North"

    ForEach ($member in $members)
    {
        Add-ADPrincipalGroupMembership -Identity $member -MemberOf "Sales"
    }

    In this case, I got the same error for each member of the Sales-North group.  I verified that none of the members are in the Sales group except for being in the sub-group.  So, if I am correct and it is seeing the implicit membership and will not allow me to perform the explicit membership, is there any way around this?  I hope I explained that well enough.   I want to learn, but if it takes too long, it's hard to justify not just doing it using the GUI.  Thanks for any help you can provide.

    Friday, April 5, 2013 5:55 PM

Answers

  • Well, I would start by removing the groups that you don't need anymore from the "Sales" group. I would then get the members from each group and add them to the specified group.

    # Sub-groups to fold into Sales (names as used in the question)
    $removeGroups = @("Sales-North","Sales-South")
    $members = @()
    
    ForEach ($group in $removeGroups)
    {
      # First remove the group from the Sales group
      Remove-ADGroupMember -Identity Sales -Members $group
    
      # Get a list of members and add them to the members array
      $members += Get-ADGroupMember -Identity $group | Select-Object -ExpandProperty sAMAccountName
    }
    
    # Add every collected account directly to Sales
    ForEach ($member in $members)
    {
      Add-ADGroupMember -Identity Sales -Members $member
    }
    
    This has NOT been tested.

    If you find that my post has answered your question, please mark it as the answer. If you find my post to be helpful in any way, please click vote as helpful.

    Friday, April 5, 2013 6:41 PM
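
A more defensive version of the consolidation described in the answer, as an added example that is not from the original thread: it records the sub-group membership before changing anything, skips accounts that are already direct members of the target, and supports a `-WhatIf` dry run. The group names are the ones from the question; the function name, its parameters and the backup file path are assumptions made for illustration.

```powershell
#Requires -Modules ActiveDirectory
# Added example. Function name, parameters and backup path are hypothetical.
function Merge-NestedGroupMembers {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$TargetGroup = 'Sales',
        [string[]]$NestedGroups = @('Sales-North', 'Sales-South', 'Sales-East', 'Sales-West'),
        [string]$BackupPath = '.\Sales-membership-before.csv'
    )

    # 1. Snapshot each sub-group's members before any change (audit and rollback record).
    $snapshot = foreach ($group in $NestedGroups) {
        Get-ADGroupMember -Identity $group |
            Select-Object @{ n = 'SourceGroup'; e = { $group } }, objectClass, SamAccountName, distinguishedName
    }
    $snapshot | Export-Csv -Path $BackupPath -NoTypeInformation

    # 2. Direct members of the target only (no -Recursive), so nested membership is not counted.
    $directDns = @(Get-ADGroupMember -Identity $TargetGroup |
        Select-Object -ExpandProperty distinguishedName)

    # 3. Remove the nesting, as in the answer, but only where the sub-group really is a member.
    foreach ($group in $NestedGroups) {
        $groupDn = (Get-ADGroup -Identity $group).DistinguishedName
        if ($directDns -contains $groupDn) {
            Remove-ADGroupMember -Identity $TargetGroup -Members $group -Confirm:$false
        }
    }

    # 4. Add each unique user account that is not already a direct member.
    $toAdd = @($snapshot |
        Where-Object { $_.objectClass -eq 'user' -and $directDns -notcontains $_.distinguishedName } |
        Select-Object -ExpandProperty distinguishedName -Unique)
    foreach ($dn in $toAdd) {
        Add-ADGroupMember -Identity $TargetGroup -Members $dn
    }

    # 5. Return any account that should be in the target but is not.
    #    Under -WhatIf this is the full list of accounts that would be added.
    $after = @(Get-ADGroupMember -Identity $TargetGroup |
        Select-Object -ExpandProperty distinguishedName)
    $toAdd | Where-Object { $after -notcontains $_ }
}

# Dry run first: with -WhatIf nothing is written to AD or to the backup file.
Merge-NestedGroupMembers -WhatIf
```

An empty result from a real run (without `-WhatIf`) means every user from the sub-groups is now a direct member of the target group; the CSV shows which sub-group each account came from if the change has to be reversed.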