powershell script to add computer account to global security group


i need a script to get from 2 different OU all computer account and add them to a global security group

i will use scheduled task for this, so every time i have new computer the script add it to the group

i have AD 2008 R2.

thanks for help
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Robin CMSenior Security and Infrastructure EngineerCommented:
Add-ADGroupMember -Identity "Finance Server Group" -Members (Get-ADComputer -SearchBase "ou=Finance,ou=Servers,dc=rcmtech,dc=co,dc=uk")
cawasakiAuthor Commented:

computer are on 2 different OU, possibe to adabt command plz?
Robin CMSenior Security and Infrastructure EngineerCommented:
Just run the command twice :-)
Specify the second OU the second time around, but keep the group name the same. e.g.
Add-ADGroupMember -Identity "Finance Server Group" -Members (Get-ADComputer -SearchBase "ou=Finance,ou=Europe,ou=Servers,dc=rcmtech,dc=co,dc=uk")
Add-ADGroupMember -Identity "Finance Server Group" -Members (Get-ADComputer -SearchBase "ou=Finance,ou=Americas,ou=Servers,dc=rcmtech,dc=co,dc=uk")
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

cawasakiAuthor Commented:

i have this when i execute the script:

cmdlet Get-ADComputer at command pipeline position 1
Supply values for the following parameters:
(Type !? for Help.)
Robin CMSenior Security and Infrastructure EngineerCommented:
Apologies, the command should include -Filter * as follows:
Add-ADGroupMember -Identity "Finance Server Group" -Members (Get-ADComputer -SearchBase "ou=Finance,ou=Europe,ou=Servers,dc=rcmtech,dc=co,dc=uk" -Filter *)
 Add-ADGroupMember -Identity "Finance Server Group" -Members (Get-ADComputer -SearchBase "ou=Finance,ou=Americas,ou=Servers,dc=rcmtech,dc=co,dc=uk" -Filter *)

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
cawasakiAuthor Commented:
ok now its good, but script do not add computer because he detect other one is already memeber, i have this error:

Add-ADGroupMember : The specified account name is already a member of the group
At line:1 char:18
+ Add-ADGroupMember <<<<  -Identity "Finance Server Group" -Members (Get-ADComputer -SearchBase ""ou=Finance,ou=Europe,ou=Servers,dc=rcmtech,dc=co,dc=uk"
 -Filter *)
    + CategoryInfo          : NotSpecified: (Finance Server Group:ADGroup) [Add-ADGroupMember], ADException
    + FullyQualifiedErrorId : The specified account name is already a member of the group,Microsoft.ActiveDirectory.Management.Commands.AddADGroupMember
Robin CMSenior Security and Infrastructure EngineerCommented:
There's not necessarily a problem with that, does it carry on and add the remaining computers?
You can always add
-ErrorAction SilentlyContinue
on the end of each of the two lines if you don't like seeing the errors.
cawasakiAuthor Commented:
yes but i have test with one OU with 12 computer, 11 computer are already memeber of the group.

when i execute the script i have this error and the new computer is not added as a member
Robin CMSenior Security and Infrastructure EngineerCommented:
If you add the ErrorAction bit it'll "silently continue" and not bomb the entire command out.
Alternatively, if you're putting the two lines in a script, add this at the top of the script to set it for all commands in that script:
$ErrorActionPreference = "SilentlyContinue"
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.