?
Solved

script to add users to groups - bulk?

Posted on 2012-09-20
15
Medium Priority
?
1,637 Views
Last Modified: 2012-09-20
can someone provide a powershell script that will allow me to key on an input CSV file and add members to the appropriate groups.

for example the CSV would be structured like this:

column A                               Column B
jsmith                                     engineering-group
bsmith                                    engineering-group
dsmith                                    engineering-group
adavid                                     marketing-group
bdavid                                     marketing-group
cdavid                                     marketing-group .... etc
0
Comment
Question by:siber1
  • 7
  • 5
  • 3
15 Comments
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 38417697
Try this way
Import-CSV c:\list.csv | %{
$usr=Get-QADUser $_."columnA"
$grp=Get-QADGroup $_."columnB"
Add-QADGroupMember -Identity $grp -Member $usr
}

Open in new window


Regards,
Krzysztof
0
 

Author Comment

by:siber1
ID: 38417788
Hi Krzysztof, just tested in the lab and here is the error:

Add-QADGroupMember : Cannot validate argument on parameter 'Identity'. The argument is null or empty. Supply an argumen
t that is not null or empty and then try the command again.
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 38417826
Hello,

hm strange it works for me. How did you prepare your CSV file ? It should be in format

columnA,columnB
user1,group1
user2,group2

comma separated values

Krzysztof
0
What Security Threats Are We Predicting for 2018?

Cryptocurrency, IoT botnets, MFA, and more! Hackers are already planning their next big attacks for 2018. Learn what you might face, and how to defend against it with our 2018 security predictions.

 

Author Comment

by:siber1
ID: 38418001
hi .. yes just re-verfied that is exactly what i have in my .csv file.

here is the full error i get when running it as .ps1 script

Add-QADGroupMember : Cannot validate argument on parameter 'Identity'. The argument is null or empty. Supply an argumen
t that is not null or empty and then try the command again.
At C:\Users\my-acccount\Desktop\add-to-groups.ps1:4 char:29
+ Add-QADGroupMember -Identity <<<<  $grp -Member $usr
    + CategoryInfo          : InvalidData: (:) [Add-QADGroupMember], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Quest.ActiveRoles.ArsPowerShellSnapIn.Commands.AddGroup
   MemberCmdlet2


/my input CSV file is attached.

pls advise

thx
list1.csv
0
 

Author Comment

by:siber1
ID: 38418551
Hi Krzysztof, any suggestions to clear the error we are seeing?

much appreciated.

S.
0
 

Author Comment

by:siber1
ID: 38418573
Krzysztof, I think its failing because i have the sAMAccountName in columnA.

can you adust the script so that it will accpet sAMAccountName in that column?

thx
0
 

Author Comment

by:siber1
ID: 38419025
does anyone else have a suggestion on this?  would appreciate some assistance as we have a planned migration starting tonight.

thx.

S.
0
 
LVL 12

Accepted Solution

by:
GusGallows earned 2000 total points
ID: 38419142
There is a typo in the code. Your column headers have a space in them. The code doesn't. Try the following:
Import-CSV c:\list.csv | %{
$usr=Get-QADUser $_."column A"
$grp=Get-QADGroup $_."column B"
Add-QADGroupMember -Identity $grp -Member $usr
} 

Open in new window


Basically, you are passing it blank values because the columns called ColumnA and ColumnB do not exist.
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 38419148
Sorry, I went home. From your CSV file, looks like columnB - group is incomplete and Get-QADGroup finds more than one (qs_)

Please specify there full group name to which you want to add users and would work fine

Krzysztof
0
 
LVL 12

Assisted Solution

by:GusGallows
GusGallows earned 2000 total points
ID: 38419159
Also, depending on your version of active directory, if on 2008 R2, you can do the following with the AD module instead of QAD:
Import-CSV c:\list.csv | %{
$usr=Get-ADUser $_."column A"
$grp=Get-ADGroup $_."column B"
Add-ADGroupMember -Identity $grp -Member $usr
} 

Open in new window

0
 
LVL 12

Expert Comment

by:GusGallows
ID: 38419188
Hmm ok, I was going off the first post. Just saw your list.csv. The column headers are correct. I don't see anything missing from column b unless those aren't the correct names. What version of AD are you on?
0
 
LVL 12

Expert Comment

by:GusGallows
ID: 38419199
If you have the AD module, you can do it this way:
Import-Module ActiveDirectory
Import-CSV c:\list.csv | %{
$usr=Get-ADUser $_."columnA"
$grp=Get-ADGroup $_."columnB"
Add-ADGroupMember -Identity $grp -Member $usr
} 

Open in new window

0
 

Author Comment

by:siber1
ID: 38419207
thx Gus.  We are at win2k8 R2 AD DS
I'll test that in a bit.
0
 
LVL 12

Expert Comment

by:GusGallows
ID: 38419219
If it still doesn't work, try converting to the distinguished name from the SamAccountName. You can do it like this:
Import-Module ActiveDirectory
Import-CSV c:\list.csv | %{
$usr=Get-ADUser $_."columnA"
$usrdg = $usr.distinguishedName
$grp=Get-ADGroup $_."columnB"
$grpDG = $grp.distinguishedName
Add-ADGroupMember -Identity $grpDG -Member $usrdg
} 

Open in new window

0
 

Author Closing Comment

by:siber1
ID: 38420170
thanks guys, the problem was on my side, i had the group names added incorrectly. both of the logic provided worked like a charm.

many thanks!

S.
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question