Solved

Powershell: poll users from multiple OUs not in a specific group, and add users to group

Posted on 2016-11-01
Last Modified: 2016-11-01
I'm trying to write a script that will search for any user across multiple OUs that does not belong to a specified group, and then add them to that group. Here's what I have so far.

$group = (Get-ADGroup 'group').DistinguishedName
#
#
$OUs = "OU=1,DC=domain,DC=local","OU=2,DC=domain,DC=local"
#
#
ForEach ($OU in $OUs) {Get-ADUser -Filter {-not (memberof -eq $group)} -SearchBase $OU}
#
#
ForEach-Object {Add-ADGroupMember -Identity $group -Members $_ }

With what I wrote, I receive an error "Add-ADGroupMember : Cannot validate argument on parameter 'Members'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again."

Adding a pipe to the third line creates an empty pipe element, so I'm not sure how to tie the third and fourth lines. Any suggestions?

Thanks.
Question by:Justin Garner

Accepted Solution

by:
footech earned 500 total points
ID: 41869050
It'll be more efficient to add all the members with one command, rather than adding each member individually.
$newmembers = ForEach ($OU in $OUs) { Get-ADUser -Filter {-not (memberof -eq $group)} -SearchBase $OU }
Add-ADGroupMember -Identity $group -Members $newmembers


If you don't want your Get-ADUser command to search child OUs, you will need to also specify the -searchscope parameter.

Author Closing Comment

by:Justin Garner
ID: 41869067
Awesome! Worked like a charm. Thank you very much.

Edit: Actually, it worked as expected with the WhatIf parameter. Executing the command returned an error:

Add-ADGroupMember : The specified account name is already a member of the group
At line:15 char:1
+ Add-ADGroupMember -Identity $group -Members $newmembers
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (CN=group,OU=groups,DC=domainDC=local:ADGroup) [Add-ADGroupMember], ADException
    + FullyQualifiedErrorId : ActiveDirectoryServer:1378,Microsoft.ActiveDirectory.Management.Commands.AddADGroupMember

It seems like perhaps the user filter isn't working?
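
A more defensive variant of the bulk add discussed in this thread, as an added example that is not code from either poster: it decides membership client-side from each user's MemberOf and PrimaryGroupID, removes duplicates from overlapping OUs, and supports -WhatIf. The function name is hypothetical, and treating primary-group membership as a possible source of the "already a member" error is an assumption the thread does not confirm.

```powershell
Import-Module ActiveDirectory

function Add-OUUsersMissingFromGroup {   # hypothetical name, not from the thread
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)] [string]   $GroupName,
        [Parameter(Mandatory)] [string[]] $SearchBase,
        [ValidateSet('Base', 'OneLevel', 'Subtree')]
        [string] $SearchScope = 'Subtree'
    )

    $group   = Get-ADGroup -Identity $GroupName
    $groupDN = $group.DistinguishedName
    # The RID is the last component of the group's SID. A user whose
    # PrimaryGroupID equals it is already a member, although the group
    # never shows up in that user's MemberOf attribute.
    $groupRid = [int]($group.SID.Value -split '-')[-1]

    # Client-side filtering reads every user in each OU: slower than an
    # LDAP filter, but the membership decision is explicit and auditable.
    $candidates = foreach ($ou in $SearchBase) {
        Get-ADUser -Filter * -SearchBase $ou -SearchScope $SearchScope `
                   -Properties MemberOf, PrimaryGroupID |
            Where-Object {
                $_.MemberOf -notcontains $groupDN -and
                $_.PrimaryGroupID -ne $groupRid
            }
    }
    # Overlapping search bases can return the same user twice.
    $candidates = @($candidates | Sort-Object DistinguishedName -Unique)

    if ($candidates.Count -eq 0) {
        Write-Verbose "No users to add to $groupDN"
        return
    }

    # One bulk call, as the accepted answer recommends; skipped under -WhatIf.
    if ($PSCmdlet.ShouldProcess($groupDN, "Add $($candidates.Count) user(s)")) {
        Add-ADGroupMember -Identity $groupDN -Members $candidates -ErrorAction Stop
    }

    # Emit the affected accounts so the change can be logged or reviewed.
    $candidates | Select-Object SamAccountName, DistinguishedName
}

# Dry run with the placeholder group and OUs from the question:
Add-OUUsersMissingFromGroup -GroupName 'group' -WhatIf `
    -SearchBase 'OU=1,DC=domain,DC=local', 'OU=2,DC=domain,DC=local'
```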