Page 1 of 1

Adding Multiple Users to Multiple AD Groups

Posted: Sun Feb 14, 2016 9:41 am
by cstewart28
I'm trying to find a solutions for adding around 1000 AD accounts into multiple (up to 25 different) AD groups with not all AD accounts being in every AD group. The source data will be a csv file with the following format:

Name adGroup1 adGroup2 adGroup3......adGroup25
adUser1 X X
adUser2 X
adUser3 X X X

I'm trying to work out some logic to search every user and where their is an "x" add them to the correct adGroup. I know how to add the user to group, just having trouble working out the search logic. I have thought of trying making each group and user on one line, such as:

adUser1, adGroup1
adUser1, adGroup3
adUser2, adGroup2
adUser3....

But this would take a very long time and I would have to figure out some Excel VBA stuff for that to work, plus we are talking about around 1000 adUser accounts.

Also I get this data from the PM so having them change their process, will not work. The process has been manual and I'm looking for ways to be more efficient.

Thanks

Chris

Re: Adding Multiple Users to Multiple AD Groups

Posted: Sun Feb 14, 2016 11:39 am
by jvierra
Just use Import-Csv and enumerate the records. For each column that is checked add user to group. Use a list of if statements to add to selected groups.

This would take only about 3 lines plus one line for each group.

Re: Adding Multiple Users to Multiple AD Groups

Posted: Wed Feb 17, 2016 1:11 pm
by cstewart28
I have been trying, but I guess I thought I could make it work, but it is not working out.
Could you please help me out.
  1. #CSV file format
  2. #adusers,adgroup1, adgroup2, adgroup3
  3. #aduser1     X              X
  4. #aduser2                                    X
  5. #aduser3    X                              X
  6.  
  7. $adusers = @()
  8. $group = "sAppV-Firefox"
  9.  
  10. $group = Get-ADGroup "UAT-MID-Applications"
  11.  
  12. Import-Csv C:\tools\UAT-Testers.csv |`
  13.  ForEach-Object {
  14.     $adusers += $_.adusers
  15.  }
  16.  
  17. ForEach($person in $adusers){
  18.     $user = Get-ADUser -Filter {SamAccountName -like $person}
  19.     Add-ADGroupMember -Identity $group -Members $user
  20. }
Thanks

Re: Adding Multiple Users to Multiple AD Groups

Posted: Wed Feb 17, 2016 1:25 pm
by jvierra
You have to enumerate all group columns and add when the column contains an X.
  1. Import-Csv file.csv|
  2.    ForEach-Object{
  3.         $user=Get-AdUser $_.adusers
  4.         if($_.Group1){ Add-AdGroupMember Group1 -member $user
  5.         if($_.Group2){ Add-AdGroupMember Group2 -member $user
  6.         if($_.Group3){ Add-AdGroupMember Group3 -member $user
  7.         .... etc ...
  8.    }

Re: Adding Multiple Users to Multiple AD Groups

Posted: Thu Feb 18, 2016 2:23 pm
by MikeFRobbins
Consider making the additions based on group instead of user since Add-ADGroupMember allows multiple users to be added to a single group at the same time.
  1. $Header = ((Get-Content -Path C:\tmp\test.csv -TotalCount 1) -split ',').Trim()
  2. $Users = Import-Csv C:\tmp\test.csv
  3.  
  4. foreach ($Group in $Header[1..($Header.Count -1)]) {
  5.     Add-ADGroupMember -Identity $Group -Members ($Users | Where-Object $Group -eq 'X' | Select-Object -ExpandProperty $Header[0]) -WhatIf
  6. }
Remove the "-WhatIf" after you test the code and you're ready to run it for real.

Re: Adding Multiple Users to Multiple AD Groups

Posted: Wed Mar 02, 2016 8:29 pm
by cstewart28
Thank you however I tried and got errors,

Add-ADGroupMember : Cannot validate argument on parameter 'Members'. The argument is null or empty. Provide an argument that is not null or empty, and then
try the command again.
At C:\Users\admin\Documents\Add Users from Security Matrix.ps1:11 char:49
+ Add-ADGroupMember -Identity $Group -Members ($Users | Where-Object $Group -e ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Add-ADGroupMember], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.AddADGroupMember

Re: Adding Multiple Users to Multiple AD Groups

Posted: Wed Mar 02, 2016 9:11 pm
by jvierra
We have no idea which code you used. Also you need to check to be sure that the user specified exists.
  1. Import-Csv file.csv|
  2.    ForEach-Object{
  3.         if($user=Get-AdUser $_.adusers){
  4.             if($_.Group1){ Add-AdGroupMember Group1 -member $user
  5.             if($_.Group2){ Add-AdGroupMember Group2 -member $user
  6.             if($_.Group3){ Add-AdGroupMember Group3 -member $user
  7.             #.... etc ...
  8.     }else{
  9.         Write-Host 'user not found'
  10.     }
  11.    }

Re: Adding Multiple Users to Multiple AD Groups

Posted: Thu Mar 03, 2016 8:42 am
by MikeFRobbins
Looks like you were using the previous code I posted and it appears that you're running it on a machine with PowerShell version 2. I typically write all of my code to be compatible with PowerShell version 3 or higher.

Here's a version that should work with PowerShell version 2.0:
  1. Import-Module -Name ActiveDirectory
  2. $Header = (Get-Content -Path C:\tmp\UserGroups.csv -TotalCount 1) -split ','
  3. $Users = Import-Csv -Path C:\tmp\UserGroups.csv
  4.  
  5. foreach ($Group in $Header[1..($Header.Count -1)]) {
  6.     Add-ADGroupMember -Identity $Group -Members ($Users | Where-Object {$_.$Group -eq 'X'} | Select-Object -ExpandProperty $Header[0]) -WhatIf
  7. }

Re: Adding Multiple Users to Multiple AD Groups

Posted: Thu Mar 03, 2016 8:45 am
by jvierra
Mike's method will work well and save a lot of typing.

Re: Adding Multiple Users to Multiple AD Groups

Posted: Sat Mar 05, 2016 11:25 am
by jvierra