Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Error Importing Computer Accounts From a Text File using Add-ADGroupMember

Posted on 2016-10-15
29
Medium Priority
?
73 Views
Last Modified: 2016-10-16
I have a text file with over 100 computer accounts which I am trying to add to a Global group. I have already declared my variable that reads the context of the text file and confirmed it is working.  When I use the syntax below though to added the account to a group I get the message: "Add-ADGroupMember : Cannot find an object with identity: 'AR641G' under: 'DC=Domain,DC=Domain1,DC=COM'

Add-ADGroupMember -Identity GlobalGroup1 -Member $devices -WhatIf

I have an empty parent domain and all counts are in the child domain which I am running the command from. I have read article online stating the -members property can only accept: DN,GUID or SID's and not just the name field is this correct and another stating that an array needs to be used? Which is correct? I am still not that strong in powershell so if someone could point me in the right direction would be very much appreciated.
0
Comment
Question by:compdigit44
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 17
  • 11
29 Comments
 
LVL 23

Expert Comment

by:yo_bee
ID: 41845093
Can you post your full script.

Here is an example that you want to follow.

$grp = 'GroupName'

Import-Module ActiveDirectory 
$comps=Get-Content names.txt 

$grpDN = (get-adgroup $grp).distinguishedname

foreach ($comp in $comps)
{$dns=get-aduser $comp
$b=$dns.distinguishedname
Add-ADGroupMember -Identity  $grpDN -member $dns 
}

Open in new window

0
 
LVL 20

Author Comment

by:compdigit44
ID: 41845236
My whole script is are the two lines below
$devices =get-content C:\workstationlist.txt
Add-ADGroupMember -Identity GlobalGroup1 -Member $devices

Open in new window


What do I need to do a foreach loop? Can I run the script you listed using -whatif first?
0
 
LVL 23

Expert Comment

by:yo_bee
ID: 41845254
$devices =get-content C:\workstationlist.txt
Foreach ($device in $devices) 
{Add-ADGroupMember -Identity GlobalGroup1 -Member $devices
}

Open in new window

0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
LVL 20

Author Comment

by:compdigit44
ID: 41845260
Thanks!!!! for my own understanding, why do I need to do a foreach loop
0
 
LVL 23

Expert Comment

by:yo_bee
ID: 41845263
The $devices is your first step to build your array and the foreach loop goes through the array.

So $devices contains all the usernames you want to apply.

By you doing what you had without the loop actions the $devices is one big string that does not match any AD objects.

Does that help?
0
 
LVL 23

Expert Comment

by:yo_bee
ID: 41845264
Also the -whatif would need to be nested at the end of the Add-adgroupmemeber -identity groupname -name $device -whatif. The -whatif is for testing and nothing applies when you run it.
0
 
LVL 41

Expert Comment

by:footech
ID: 41845291
The help for the cmdlet describes what is needed for the -Identity and -Members parameters.  Here's a couple extracted bits.  And yes, you can submit an array for the -Members.
You can identify a group by its distinguished name (DN), GUID, security identifier (SID) or Security Accounts Manager (SAM) account name.

 You can identify a new member by its distinguished name (DN), GUID, security identifier (SID) or SAM account name.

It's more efficient to submit all the members as a single array in one Add-ADGroupMember command, rather than running the command once for each member.  However, since you're getting the members from a file, I see the possibility that some of the entries may not be valid (depending on how the file came to be).  And if that's the case, I haven't tested (or at least I haven't in recent memory) whether an invalid member(s) causes the entire command to fail, or if it just fails adding the invalid member.  If the entire command fails, then looping through the (potential) members one at a time and adding them at least allows the command to succeed for all valid members.

BTW, in yo_bee's last code post, on line 3, $devices should be $device.
0
 
LVL 23

Expert Comment

by:yo_bee
ID: 41845294
Thanks for the catch.
0
 
LVL 20

Author Comment

by:compdigit44
ID: 41845669
Wow thank you both... I was under the assumption that if I read a text file into memory I could easily reference it in Add-ADGroupMember but I guess not.

I tried using the syntax that yo_bee posted earlier and not the same error..
$devices =get-content C:\workstationlist.txt
Foreach ($device in $devices) 
{Add-ADGroupMember -Identity GlobalGroup1 -Member $devices
}

Open in new window

0
 
LVL 23

Expert Comment

by:yo_bee
ID: 41845673
You need to loop through that data.  This would be the case with any scripting.
Anytime you have a list of items you need to say "I want to do this for each item".

Good luck
Edited:

$devices =get-content C:\workstationlist.txt
Foreach ($device in $devices) 
{Add-ADGroupMember -Identity GlobalGroup1 -Member $device
}

Open in new window

0
 
LVL 20

Author Comment

by:compdigit44
ID: 41845675
Same error ...:-(
0
 
LVL 23

Expert Comment

by:yo_bee
ID: 41845686
can you post your Txt File?
0
 
LVL 20

Author Comment

by:compdigit44
ID: 41845692
Here you go..
devies.txt
0
 
LVL 23

Expert Comment

by:yo_bee
ID: 41845695
Are you using standard powershell or Active Dircetory version?

If you are using the standard Powershell you need to import the ActiveDirectory Module

Add to the top your script.
Import-module ActiveDirectory
0
 
LVL 23

Accepted Solution

by:
yo_bee earned 2000 total points
ID: 41845699
Try this
Import-Module ActiveDirectory

$devices = Get-Content -Path 'C:\Users\xxxxx\Downloads\Computers.txt'
$grp = (Get-ADGroup -Identity 'Trial_Team').distinguishedname

Foreach ($Device in $devices)

{
$DN = (Get-ADComputer -Identity $device).distinguishedname

Add-ADGroupMember -Identity $grp -Members $dn}

Open in new window

0
 
LVL 20

Author Comment

by:compdigit44
ID: 41845712
Thanks here is the message I am getting now...

Get-ADComputer : Cannot validate argument on parameter 'Identity'. The argument is null. Provide a valid value for th
argument, and then try running the command again.
At C:\AddingDevicesFromFileToGroup.ps1:9 char:33
+ $DN = (Get-ADComputer -Identity $device).distinguishedname
+                                 ~~~~~~~
    + CategoryInfo          : InvalidData: (:) [Get-ADComputer], ParameterBindingValidationException
    + FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.GetADCom
   uter

Add-ADGroupMember : Cannot find an object with identity: 'A43TR' under: 'DC=Domain,DC=Domain1,DC=COM'.
At C:\AddingDevicesFromFileToGroup.ps1:11 char:1
+ Add-ADGroupMember -Identity $grp -Members $workstation -whatif}
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (A43TR1:ADPrincipal) [Add-ADGroupMember], ADIdentityNotFoundException
    + FullyQualifiedErrorId : SetADGroupMember.ValidateMembersParameter,Microsoft.ActiveDirectory.Management.Commands
   AddADGroupMember
0
 
LVL 23

Expert Comment

by:yo_bee
ID: 41845718
Do you have the AD powershell installed on the computer you are running it from?
0
 
LVL 23

Expert Comment

by:yo_bee
ID: 41845719
Please post your script as well.
0
 
LVL 20

Author Comment

by:compdigit44
ID: 41845727
Yes AD powershell is installed on my workstation... Below is the content of the powershell script I am using...

Import-Module ActiveDirectory

$devices = Get-Content -Path 'C:\workstations.txt'
$grp = (Get-ADGroup -Identity 'ExternalTESTing').distinguishedname

Foreach ($workstation in $devices)

{
$DN = (Get-ADComputer -Identity $device).distinguishedname

Add-ADGroupMember -Identity $grp -Members $workstation -whatif}

Open in new window

0
 
LVL 23

Expert Comment

by:yo_bee
ID: 41845730
Change $workstation to $DN
0
 
LVL 23

Expert Comment

by:yo_bee
ID: 41845731
On the the line with ADD-Adgroupmember
0
 
LVL 23

Expert Comment

by:yo_bee
ID: 41845733
The $grp and $dn is getting the DistinguishedName attribute parsed for the Add-Groupmember cmdlet part so you do not get those errors
0
 
LVL 20

Author Comment

by:compdigit44
ID: 41845746
Getting same exact message as I posted before and this is after making the changes you recommended
0
 
LVL 20

Author Comment

by:compdigit44
ID: 41845753
I got it I had a typo!!!

I found when doing the -whatif it only states performing set action then the DN of the group but does not list the devices that would have been added
0
 
LVL 23

Expert Comment

by:yo_bee
ID: 41845768
If you have concern, I would create a test group and run it against that group to see if it adds the objects.

I ran my test script successfully so you should have no issues if you follow my script.
0
 
LVL 20

Author Comment

by:compdigit44
ID: 41845775
I ran the script as well. I just though whatif would like on screen all devices that it would be adding... :o)
0
 
LVL 23

Expert Comment

by:yo_bee
ID: 41845779
I just tested the script with -whatif it just states it is set perform on the group.

I would try this on a test group without the -whatif
0
 
LVL 20

Author Comment

by:compdigit44
ID: 41845794
The script does work as I already testing it I was just confused as to the results of the whatif and expected more output...

Thanks again..
0
 
LVL 23

Expert Comment

by:yo_bee
ID: 41845795
Glad to help.
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

660 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question