Solved

Powershell: add many users to a security group?

Posted on 2011-02-24
7
1,431 Views
Last Modified: 2012-06-27
Experts-

Still relatively new to Powershell and am having some issues trying to figure out the proper syntax for this.

I have the users in a single OU (I also have a list of the users in a CSV file).
Is there a way to use powershell to make these users a member of a specific security group?

I think my syntax is wrong, and still can't quite get the hang of it.
$Group = [ADSI]"LDAP://CN=TESTOU,OU=Company Users,DC=blah,DC=com"

get-user -organizationalUnit TESTOU | where-object{$_.RecipientType -eq User" -and $_.department -eq "Sales"} | $Group.Add("LDAP://$($newuser.distinguishedName)")

Open in new window

0
Comment
Question by:ThinkPaper
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
7 Comments
 
LVL 40

Expert Comment

by:Adam Brown
ID: 34974069
Well, there are some built in Powershell cmdlets you can use if you have Windows 2008 R2. If you don't, I'd highly recommend using the quest active roles shell available here: http://www.quest.com/powershell/activeroles-server.aspx

I'll work on a quick script for you to use in there that should work well.
0
 
LVL 40

Expert Comment

by:Adam Brown
ID: 34974161
The attached code should do what you want if you use the Quest cmdlets.
Here's how it works, the get-qaduser cmdlet pulls all users in AD, the Where limits returns to users that have a parentcontainer attribute of domain.com/home/users. The results are placed into an object. A foreach-object is run on that object and pulls the Name attribute and ties it to the $name object and runs the add-qadgroupmember cmdlet for each entry. The add-qadgroupmember cmdlet is passed the identity of the group Groupname and each pass of the foreach loop adds the user to that group.
$users = get-qaduser | where{$_.parentcontainer -eq "domain.com/Home/Users"}
foreach ($name in $users)
{
add-qadgroupmember -identity "Groupname" -member $name
}

Open in new window

0
 
LVL 16

Author Comment

by:ThinkPaper
ID: 34974213
I understand that Quest cmdlets are very useful, but unfortunately I am not allowed to use it.

I found a workaround by simply using Active Directory, opening the properties of the Security Group, and adding the users in that way (Selecting them all) since they are all located in the same OU.

Still -- it'd be nice if I could figure the commands out.
0
Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

 
LVL 40

Expert Comment

by:Adam Brown
ID: 34974325
Yeah. Native coding for AD work in powershell is a little tricky. For instance, the get-user cmdlet doesn't really exist in native powershell. In the AD Shell for 2008 R2, you would use the get-aduser cmdlet. The -organizationalunit switch also doesn't exist. You would use something similar to the code snippet I added, where{$_.parentcontainer -eq "ou path"}, to pull out only users that are in a specific OU.

http://www.techrepublic.com/blog/networking/managing-active-directory-objects-with-powershell-in-windows-server-2008/1166 should give you some more detail on what you would want to do without Quest or the AD cmdlets in 2008 R2. There are some additional resources available there that may help as well.You may also want to wait a bit, and some of the more experienced powershellers will probably come by and give some advice. I'd point you to the beginner's guide I wrote a while back, but I think you're already past what it will be able to explain. A link to it is in my profile if you feel like looking at it, though.
0
 
LVL 12

Expert Comment

by:prashanthd
ID: 34977988
Will a vbscript be helpful?
0
 
LVL 12

Accepted Solution

by:
prashanthd earned 500 total points
ID: 34978718
Try the following powershell code, it will fetch all users from OU and add the Group
Set the following values
#Set the absolute path of the group  
$group = [ADSI]"LDAP://CN=TESTOU,OU=Company Users,DC=blah,DC=com"
#Set the absolute path of the OU  
$objDomain = New-Object System.DirectoryServices.DirectoryEntry("LDAP://ou=TESTOU,dc=blah,dc=com")
#Set the absolute path of the group  
$group = [ADSI]"LDAP://CN=TESTOU,OU=Company Users,DC=blah,DC=com"
#Set the absolute path of the OU   
$objDomain = New-Object System.DirectoryServices.DirectoryEntry("LDAP://ou=TESTOU,dc=blah,dc=com") 

$strFilter = "(&(objectClass=person)(objectCategory=User))"
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.SearchRoot = $objDomain
$objSearcher.PageSize = 1000
$objSearcher.Filter = $strFilter
$objSearcher.SearchScope = "subtree"

$colProplist ="adspath"
foreach ($i in $colPropList){$objSearcher.PropertiesToLoad.Add($i)}

$colResults = $objSearcher.FindAll()

foreach ($objResult in $colResults){
    $objItem = $objResult.Properties; 
	$objItem.adspath
	$group.add($objItem.adspath)
	$group.SetInfo()
	}

Open in new window

0
 
LVL 16

Author Closing Comment

by:ThinkPaper
ID: 34998064
Wow, thanks! That was a whole lot more complicated than I thought it would be. @_@!
0

Featured Post

Revamp Your Training Process

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A recent project that involved parsing Tableau Desktop and Server log files to extract reusable user queries for use in other systems. I chose to use PowerShell to gather the data, and SharePoint to present it...
A hard and fast method for reducing Active Directory Administrators members.
To add imagery to an HTML email signature, you have two options available to you. You can either add a logo/image by embedding it directly into the signature or hosting it externally and linking to it. The vast majority of email clients display l…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question