Powershell script to pull all AD accounts from a specified OU and add them as member into a Security Group

Is there a Powershell script that can pull all the users AD account from an OU and add them to a specific Security Group? I want to automate this and not have to rely on each site helpdesk to add manually as a member of this group when setting up a new user. A lot of time they forget so best way is having this scheduled to run daily.
CiscoAznAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

becraigCommented:
something like this should work:

Get-ADUser -Filter * -SearchBase "OU=OU, DC=domain, DC=com" | % { add-adgroupmember  - identity <groupname> -member $_.samaccountname }

Open in new window

0
CiscoAznAuthor Commented:
No this did not work.
0
becraigCommented:
What specifically did not work ?

I am hoping you actually put in the right values for the OU and for the groupname  ?
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

VB ITSSpecialist ConsultantCommented:
Try this:
Get-ADUser -SearchBase 'OU=Users,OU=Company,DC=domain,DC=com' -Filter * | % { Add-ADGroupMember 'Name of Security Group' -Members $_ }

Open in new window

Make sure you modify the bit after the -SearchBase switch to match your environment. Also change the 'Name of Security Group' to match the pre-Windows 2000 name of your group.
0
VB ITSSpecialist ConsultantCommented:
To elaborate, here's a screenshot of the properties of a Security Group where I changed it's name but not the pre-Windows 2000 name
Security-Group-Names.pngIf you look at the top bar, you'll see that I've named the group Dummy Group. If I then attempt to run the above script and use the group name Dummy Group then PowerShell will spit out an error for each and every user in the OU.

If I change the script to use the group name Security Group then it will work as expected and add all the users within the OU to the group.

Hope this clears things up.
0
CiscoAznAuthor Commented:
VB ITS ... this worked!! Can you tell me if you know how to pull multiple OU's into one single security group?
0
becraigCommented:
I am not sure what would have worked in the script VBITS provided that would not in mine since they are exactly the same thing ?

Are you asking to have the members of multiple OUs added to a single security group ?
If so, you can either populate a text file with all the OUs and simply pipe into a foreach loop.
0
CiscoAznAuthor Commented:
becraig,
Your script gave me multiple errors. Can you give me an example of what you're stating to populate all the OU's?
0
becraigCommented:
you can get all OUs using Get-ADOrganizationalUnit
e.g :
Get-ADOrganizationalUnit -Filter 'Name -like "*"' | FT Name, DistinguishedName -A

More info:

http://ss64.com/ps/get-adorganizationalunit.html
0
CiscoAznAuthor Commented:
That's not really helping me if there's no real examples that can be scripted and tested.
0
becraigCommented:
There are 3 examples on the page I provided the link to, but let me post them here:
Examples

Get all the Organizational Units in the domain:

PS C:\>
Get-ADOrganizationalUnit -Filter 'Name -like "*"' | FT Name, DistinguishedName -A

Open in new window


Gets the Organizational Unit with DistinguishedName 'OU=Sydney,OU=Demo,DC=SS64,DC=COM':

PS C:\>
Get-ADOrganizationalUnit -Identity 'OU=Sydney,OU=Demo,DC=SS64,DC=COM' | FT Name,Country,PostalCode,City,StreetAddress,State -A

Open in new window


Gets OUs underneath the 'Sydney' Organizational Unit using an LDAP filter:

PS C:\>
 Get-ADOrganizationalUnit -LDAPFilter '(name=*)' -SearchBase 'OU=Sydney,OU=Demo,DC=SS64,DC=COM' -SearchScope OneLevel | FT Name,Country,PostalCode,City,StreetAddress,State

Open in new window

0
VB ITSSpecialist ConsultantCommented:
You can use this CiscoAzn:
$OUs = 'OU=Users1,OU=Company,DC=domain,DC=com','OU=Users2,OU=Company,DC=domain,DC=com','OU=Users3,OU=Company,DC=domain,DC=com'

$OUs | ForEach { Get-ADUser -Filter * -SearchBase $_ | % { Add-ADGroupMember 'Name of Security Group' -Members $_ }}

Open in new window

Just modify the first line as needed and add/remove the DNs for your OUs separated by a comma.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.