<div>
Probably the LDAP filter error.. Try this.. 

<pre><code class="code-1 nolinks" id="code-20-41844033-1">Get-ADUser –SearchBase $OU1 –LDAPFilter &quot;(&amp;(objectCategory=person)(objectClass=user)(!(memberOf=$SecGroup)))&quot; | Add-ADPrincipalGroupMembership –MemberOf &quot;$SecGroup&quot;
</code></pre>
If it doesn't work then post the error from PowerShell console..
</div>

<div>
This is the error that i am getting. 
 
PS C:\scripts&gt; .\Write_PA_PasswordPolicy.ps1 
At C:\scripts\Write_PA_PasswordPolicy.ps1:48 char:171 
+ ... erOf &quot;$SecGroup&quot; 
+ &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;~ 
The string is missing the terminator: &quot;. 
At C:\scripts\Write_PA_PasswordPolicy.ps1:47 char:1 
+ { 
+ ~ 
Missing closing '}' in statement block. 
&nbsp; &nbsp; + CategoryInfo &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;: ParserError: (:) [], ParseException 
&nbsp; &nbsp; + FullyQualifiedErrorId : TerminatorExpectedAtEndOfString
</div>

<div>
<blockquote>
The string is missing the terminator: &quot;. 
 
Missing closing '}' in statement block.
</blockquote>
Errors indicate a syntax error, are you using the code which I posted? If not please post the exact code which you are using..
</div>

<div>
This is the code of the entire file. I was trying to add logging to the file but was confused on how to do that. 
 
 

<pre><code class="code-10 nolinks" id="code-20-41870528-1">.PARAMETER &lt;Parameter_Name&gt;
 &lt;Brief description of parameter input required. Repeat this attribute if required&gt;
.INPUTS
 &lt;Inputs if any, otherwise state None&gt;
.OUTPUTS
 &lt;Outputs if any, otherwise state None - example: Log file stored in C:\Windows\Temp\&lt;name&gt;.log&gt;
.NOTES
 Version: 1.0
 Author: &lt;Name&gt;
 Creation Date: &lt;Date&gt;
 Purpose/Change: Initial script development
 
.EXAMPLE
 &lt;Example goes here. Repeat this attribute for more than one example&gt;
#&gt;

#---------------------------------------------------------[Initialisations]--------------------------------------------------------

#Set Error Action to Silently Continue
$ErrorActionPreference = &quot;SilentlyContinue&quot;

#Dot Source required Function Libraries
. &quot;C:\Scripts\Logging_Functions.ps1&quot;

#----------------------------------------------------------[Declarations]----------------------------------------------------------

#Script Version
$sScriptVersion = &quot;1.0&quot;

#Log File Info
$sLogPath = &quot;C:\Windows\Temp&quot;
$sLogName = &quot;Write_PA_PasswordPolicy.log&quot;
$sLogFile = Join-Path -Path $sLogPath -ChildPath $sLogName

#-----------------------------------------------------------[Functions]------------------------------------------------------------
Import-Module ActiveDirectory

$OU1 = 'OU=OCIO_SecTest,OU=Priviledged_Access,OU=_Users,DC=test,DC=org'
$SecGroup = (Get-ADGroup -Identity 'PrivilegedUserPasswordPolicy').DistinguishedName

{
Get-ADUser –SearchBase $OU1 –LDAPFilter &quot;(&amp;(objectCategory=person)(objectClass=user)(!(memberOf=$SecGroup)))&quot; | {Add-ADPrincipalGroupMembership –MemberOf &quot;$SecGroup&quot;}
}



#-----------------------------------------------------------[Execution]------------------------------------------------------------

#Log-Start -LogPath $sLogPath -LogName $sLogName -ScriptVersion $sScriptVersion
#Script Execution goes here
#Log-Finish -LogPath $sLogFile
</code></pre>
</div>

<div>
There are some unwanted curly brackets and code details which I removed now, test and let me know if you have any questions.. 

<pre><code class="code-10 nolinks" id="code-20-41870606-1">#Set Error Action to Silently Continue
$ErrorActionPreference = &quot;SilentlyContinue&quot;

#Dot Source required Function Libraries
. &quot;C:\Scripts\Logging_Functions.ps1&quot;

#----------------------------------------------------------[Declarations]----------------------------------------------------------

#Script Version
$sScriptVersion = &quot;1.0&quot;

#Log File Info
$sLogPath = &quot;C:\Windows\Temp&quot;
$sLogName = &quot;Write_PA_PasswordPolicy.log&quot;
$sLogFile = Join-Path -Path $sLogPath -ChildPath $sLogName

#-----------------------------------------------------------[Functions]------------------------------------------------------------
Import-Module ActiveDirectory

$OU1 = 'OU=OCIO_SecTest,OU=Priviledged_Access,OU=_Users,DC=test,DC=org'
$SecGroup = (Get-ADGroup -Identity 'PrivilegedUserPasswordPolicy').DistinguishedName

Get-ADUser –SearchBase $OU1 –LDAPFilter &quot;(&amp;(objectCategory=person)(objectClass=user)(!(memberOf=$SecGroup)))&quot; | Add-ADPrincipalGroupMembership –MemberOf $SecGroup

#-----------------------------------------------------------[Execution]------------------------------------------------------------

#Log-Start -LogPath $sLogPath -LogName $sLogName -ScriptVersion $sScriptVersion
#Script Execution goes here
#Log-Finish -LogPath $sLogFile
</code></pre>
</div>

<div>
I dont know why i am getting this. I copied the exact same code from your previous post. 
 
At C:\scripts\Write_PA_PasswordPolicy.ps1:14 char:151 
+ ... upMembership â€“MemberOf $SecGroup 
+ &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;~~~~~~~~~~~~~~~~~~~ 
The string is missing the terminator: &quot;. 
&nbsp; &nbsp; + CategoryInfo &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;: ParserError: (:) [], ParseException 
&nbsp; &nbsp; + FullyQualifiedErrorId : TerminatorExpectedAtEndOfString
</div>

<div>
<blockquote>
upMembership â€“MemberOf $SecGroup
</blockquote>
Probably related to the encoding of the script file, is it saved in ANSI? 
 
Open the script file in notepad and check the encoding.. You can use the save as option to change the encoding and save the file.
</div>

<div>
Thank you so much for your help.
</div>

<div>
I am looking to schedule this to run. What is the best way to go about that?
</div>

<div>
Also as for the logging, I am looking to log when a user is added to the Security group. How would i do that?
</div>

<div>
You can schedule it on any computer which had Activedirectory module. 
 
Example, following command can be used to trigger a script, you may save this command as a batch (.bat) file and run it from task scheduler.. 

<pre><code class="code-1 nolinks" id="code-20-41870725-1">Powershell.exe -executionpolicy remotesigned -File C:\Script\ADScript.ps1
</code></pre>
Also there are many article available in internet which will help you to do the same.. Just search 

<blockquote>
how to schedule a powershell script in task scheduler
</blockquote>
</div>

<div>
<blockquote>
Also as for the logging, I am looking to log when a user is added to the Security group. How would i do that? 
</blockquote>
This require additional error handling.. Please open new question for additional requests..
</div>

<div>
<div class="content wysiwyg-content">
Hello, 
 
I am trying to schedule a script to run that will only add users to a security group based on the OU they are in. I keep on getting these errors. This is my first attempt at creating a Powershell script so forgive my errors in the code. 
 
Import-Module ActiveDirectory 
 
$OU1 = 'OU=Test_Group,OU=Priviledged_Access,OU=_Users,DC=domain,DC=org' 
$SecGroup = (Get-ADGroup -Identity 'PasswordPolicy').DistinguishedName 
 
Get-ADUser –SearchBase $OU1 –LDAPFilter (&amp;(objectCategory=person)(objectClass=user)!(memberOf=$SecGroup)) | ForEach-Object {Add-ADPrincipalGroupMembership -Identity $_ –MemberOf &quot;$SecGroup&quot;}
</div>
</div>

Hello,

I am trying to schedule a script to run that will only add users to a security group based on the OU they are in. I keep on getting these errors. This is my first attempt at creating a Powershell script so forgive my errors in the code. 

Import-Module ActiveDirectory

$OU1 = 'OU=Test_Group,OU=Priviledged_Access,OU=_Users,DC=domain,DC=org'
$SecGroup = (Get-ADGroup -Identity 'PasswordPolicy').DistinguishedName

Get-ADUser –SearchBase $OU1 –LDAPFilter (&(objectCategory=person)(objectClass=user)!(memberOf=$SecGroup)) | ForEach-Object {Add-ADPrincipalGroupMembership -Identity $_ –MemberOf "$SecGroup"}

PowerShell add users to group based on OU - Schedule script

Windows PowerShell is a task automation and configuration management framework from Microsoft, consisting of a command-line shell and associated scripting language built on the .NET Framework. PowerShell provides full access to the Component Object Model (COM) and Windows Management Instrumentation (WMI), enabling administrators to perform administrative tasks on both local and remote Windows systems as well as WS-Management and Common Information Model (CIM) enabling management of remote Linux systems and network devices.