Adding Multiple Users to Multiple AD Groups

Ask your PowerShell-related questions, including questions on cmdlet development!
Forum rules
Do not post any licensing information in this forum.

Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
This topic is 8 years and 3 weeks old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.
Locked
User avatar
cstewart28
Posts: 12
Last visit: Thu Sep 01, 2016 8:41 am

Adding Multiple Users to Multiple AD Groups

Post by cstewart28 »

I'm trying to find a solutions for adding around 1000 AD accounts into multiple (up to 25 different) AD groups with not all AD accounts being in every AD group. The source data will be a csv file with the following format:

Name adGroup1 adGroup2 adGroup3......adGroup25
adUser1 X X
adUser2 X
adUser3 X X X

I'm trying to work out some logic to search every user and where their is an "x" add them to the correct adGroup. I know how to add the user to group, just having trouble working out the search logic. I have thought of trying making each group and user on one line, such as:

adUser1, adGroup1
adUser1, adGroup3
adUser2, adGroup2
adUser3....

But this would take a very long time and I would have to figure out some Excel VBA stuff for that to work, plus we are talking about around 1000 adUser accounts.

Also I get this data from the PM so having them change their process, will not work. The process has been manual and I'm looking for ways to be more efficient.

Thanks

Chris
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times

Re: Adding Multiple Users to Multiple AD Groups

Post by jvierra »

Just use Import-Csv and enumerate the records. For each column that is checked add user to group. Use a list of if statements to add to selected groups.

This would take only about 3 lines plus one line for each group.
User avatar
cstewart28
Posts: 12
Last visit: Thu Sep 01, 2016 8:41 am

Re: Adding Multiple Users to Multiple AD Groups

Post by cstewart28 »

I have been trying, but I guess I thought I could make it work, but it is not working out.
Could you please help me out.
  1. #CSV file format
  2. #adusers,adgroup1, adgroup2, adgroup3
  3. #aduser1     X              X
  4. #aduser2                                    X
  5. #aduser3    X                              X
  6.  
  7. $adusers = @()
  8. $group = "sAppV-Firefox"
  9.  
  10. $group = Get-ADGroup "UAT-MID-Applications"
  11.  
  12. Import-Csv C:\tools\UAT-Testers.csv |`
  13.  ForEach-Object {
  14.     $adusers += $_.adusers
  15.  }
  16.  
  17. ForEach($person in $adusers){
  18.     $user = Get-ADUser -Filter {SamAccountName -like $person}
  19.     Add-ADGroupMember -Identity $group -Members $user
  20. }
Thanks
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times

Re: Adding Multiple Users to Multiple AD Groups

Post by jvierra »

You have to enumerate all group columns and add when the column contains an X.
  1. Import-Csv file.csv|
  2.    ForEach-Object{
  3.         $user=Get-AdUser $_.adusers
  4.         if($_.Group1){ Add-AdGroupMember Group1 -member $user
  5.         if($_.Group2){ Add-AdGroupMember Group2 -member $user
  6.         if($_.Group3){ Add-AdGroupMember Group3 -member $user
  7.         .... etc ...
  8.    }
User avatar
MikeFRobbins
Posts: 8
Last visit: Thu Apr 11, 2019 1:55 pm

Re: Adding Multiple Users to Multiple AD Groups

Post by MikeFRobbins »

Consider making the additions based on group instead of user since Add-ADGroupMember allows multiple users to be added to a single group at the same time.
  1. $Header = ((Get-Content -Path C:\tmp\test.csv -TotalCount 1) -split ',').Trim()
  2. $Users = Import-Csv C:\tmp\test.csv
  3.  
  4. foreach ($Group in $Header[1..($Header.Count -1)]) {
  5.     Add-ADGroupMember -Identity $Group -Members ($Users | Where-Object $Group -eq 'X' | Select-Object -ExpandProperty $Header[0]) -WhatIf
  6. }
Remove the "-WhatIf" after you test the code and you're ready to run it for real.
Mike F Robbins
Microsoft MVP, SAPIEN MVP
User avatar
cstewart28
Posts: 12
Last visit: Thu Sep 01, 2016 8:41 am

Re: Adding Multiple Users to Multiple AD Groups

Post by cstewart28 »

Thank you however I tried and got errors,

Add-ADGroupMember : Cannot validate argument on parameter 'Members'. The argument is null or empty. Provide an argument that is not null or empty, and then
try the command again.
At C:\Users\admin\Documents\Add Users from Security Matrix.ps1:11 char:49
+ Add-ADGroupMember -Identity $Group -Members ($Users | Where-Object $Group -e ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Add-ADGroupMember], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.AddADGroupMember
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times

Re: Adding Multiple Users to Multiple AD Groups

Post by jvierra »

We have no idea which code you used. Also you need to check to be sure that the user specified exists.
  1. Import-Csv file.csv|
  2.    ForEach-Object{
  3.         if($user=Get-AdUser $_.adusers){
  4.             if($_.Group1){ Add-AdGroupMember Group1 -member $user
  5.             if($_.Group2){ Add-AdGroupMember Group2 -member $user
  6.             if($_.Group3){ Add-AdGroupMember Group3 -member $user
  7.             #.... etc ...
  8.     }else{
  9.         Write-Host 'user not found'
  10.     }
  11.    }
User avatar
MikeFRobbins
Posts: 8
Last visit: Thu Apr 11, 2019 1:55 pm

Re: Adding Multiple Users to Multiple AD Groups

Post by MikeFRobbins »

Looks like you were using the previous code I posted and it appears that you're running it on a machine with PowerShell version 2. I typically write all of my code to be compatible with PowerShell version 3 or higher.

Here's a version that should work with PowerShell version 2.0:
  1. Import-Module -Name ActiveDirectory
  2. $Header = (Get-Content -Path C:\tmp\UserGroups.csv -TotalCount 1) -split ','
  3. $Users = Import-Csv -Path C:\tmp\UserGroups.csv
  4.  
  5. foreach ($Group in $Header[1..($Header.Count -1)]) {
  6.     Add-ADGroupMember -Identity $Group -Members ($Users | Where-Object {$_.$Group -eq 'X'} | Select-Object -ExpandProperty $Header[0]) -WhatIf
  7. }
Last edited by MikeFRobbins on Thu Mar 03, 2016 8:52 am, edited 1 time in total.
Mike F Robbins
Microsoft MVP, SAPIEN MVP
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times

Re: Adding Multiple Users to Multiple AD Groups

Post by jvierra »

Mike's method will work well and save a lot of typing.
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times

Re: Adding Multiple Users to Multiple AD Groups

Post by jvierra »

This topic is 8 years and 3 weeks old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.
Locked