Create AD Groups & Membership via Command Line

I need to create about 100 AD Security Groups and then add users to those groups.  I would like to do this via command line so it does not take forever.....

What is the best way to accomplish this?  My domain controller's are ALL Server 2012 R2.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Will SzymkowskiSenior Solution ArchitectCommented:
Best approch is using powershell. Use the script below to create the groups and then add your members to them.

Create the Security Group
The CSV should be constructed like the following...
Name GroupScope GroupCategory DisplayName samaccountname path
Sec01      Universal       Security              Sec01               Sec01                      ou=groups,dc=domain,dc=com
Import-Module activedirectory
$Groups = import-csv "C:\filename.csv"
    Foreach ($Group in $Groups) {
        New-ADGroup -Name $Group.Name -GroupScope $Group.GroupScope -GroupCategory $Group.GroupCategory -DisplayName $Group.DisplayName -SamAccountName $Group.samaccountname -Path $Group.path

Open in new window

Add all of your members to the security groups that were created
Your Second CSV should be constructed like below...
Identity Members
Sec01    JohnSmith
Sec01    MarkBam
Sec02    KenHam
Import-Module activedirectory
$Users = import-csv "c:\filename.csv"
    Foreach ($User in $Users) {
        Add-ADGroupMember -Identity $User.Identity -Members $User.Members

Open in new window


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
BSModlinAuthor Commented:
Thanks for the info.....  One question regarding the 2nd script...... The first column is labeled "Identity" which refers to the group name.  And the 2nd column labeled "Members" refers to the username?  For example User John Doe would be jdoe?
Will SzymkowskiSenior Solution ArchitectCommented:
That is exactly correct.

BSModlinAuthor Commented:
When I run the script for creating the groups I get the following error:

ou=CRM Security Groups,ou=SecurityGroups,ou=_GROUPS,ou=*SAS,dc=ABC,dc=local
New-ADGroup : Access is denied
At C:\Powershell\CreateGroups.ps1:10 char:9
+         New-ADGroup -Name $Group.Name -GroupScope $Group.GroupScope -GroupCatego ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (CN=CRM_Workflow...rvices,dc=local:String) [New-ADGroup], UnauthorizedAccessExcepti
    + FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.UnauthorizedAccessException,Microsoft.ActiveDirectory.Management.Command
BSModlinAuthor Commented:
Nevermind.... My bad, I figured it out!!

Everything worked beautifully, thank you!!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.