Solved

Powershell: poll users from multiple OUs not in a specific group, and add users to group

Posted on 2016-11-01
Last Modified: 2016-11-01
I'm trying to write a script that will search for any user across multiple OUs that does not belong to a specified group, and then add them to that group. Here's what I have so far.

$group = (Get-ADGroup 'group').DistinguishedName
#
#
$OUs = "OU=1,DC=domain,DC=local","OU=2,DC=domain,DC=local"
#
#
ForEach ($OU in $OUs) {Get-ADUser -Filter {-not (memberof -eq $group)} -SearchBase $OU}
#
#
ForEach-Object {Add-ADGroupMember -Identity $group -Members $_ }

With what I wrote, I receive an error "Add-ADGroupMember : Cannot validate argument on parameter 'Members'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again."

Adding a pipe to the third line creates an empty pipe element, so I'm not sure how to tie the third and fourth lines. Any suggestions?

Thanks.
Question by:Justin Garner
Accepted Solution

by:
footech earned 500 total points
ID: 41869050
It'll be more efficient to add all the members with one command, rather than adding each member individually.
$newmembers = ForEach ($OU in $OUs) { Get-ADUser -Filter {-not (memberof -eq $group)} -SearchBase $OU }
Add-ADGroupMember -Identity $group -Members $newmembers

If you don't want your Get-ADUser command to search child OUs, you will need to also specify the -searchscope parameter.
Author Closing Comment

by:Justin Garner
ID: 41869067
Awesome! Worked like a charm. Thank you very much.

Edit: Actually, it worked as expected with the WhatIf parameter. Executing the command returned an error:

Add-ADGroupMember : The specified account name is already a member of the group
At line:15 char:1
+ Add-ADGroupMember -Identity $group -Members $newmembers
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (CN=group,OU=groups,DC=domainDC=local:ADGroup) [Add-ADGroupMember], ADException
    + FullyQualifiedErrorId : ActiveDirectoryServer:1378,Microsoft.ActiveDirectory.Management.Commands.AddADGroupMember

It seems like perhaps the user filter isn't working?
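
Added example, not part of the original thread or either poster's code: one way to sidestep the "already a member" error above is to compute the difference against the group's current direct members explicitly, rather than relying on the memberOf filter. The group name and OU paths are the placeholders from the question; `-WhatIf` is left on so the change can be reviewed before it grants membership.

```powershell
# Added example. 'group' and the OU DNs are the question's placeholders.
Import-Module ActiveDirectory

$group = Get-ADGroup 'group'
$OUs   = 'OU=1,DC=domain,DC=local', 'OU=2,DC=domain,DC=local'

# DNs of current direct members; DN comparison is case-insensitive.
$current = [System.Collections.Generic.HashSet[string]]::new(
    [System.StringComparer]::OrdinalIgnoreCase)
Get-ADGroupMember -Identity $group | ForEach-Object {
    [void]$current.Add($_.DistinguishedName)
}

# DNs already queued, so a user found under two overlapping
# search bases is only submitted once.
$seen = [System.Collections.Generic.HashSet[string]]::new(
    [System.StringComparer]::OrdinalIgnoreCase)

$toAdd = foreach ($OU in $OUs) {
    Get-ADUser -Filter * -SearchBase $OU -SearchScope Subtree |
        Where-Object {
            -not $current.Contains($_.DistinguishedName) -and
            $seen.Add($_.DistinguishedName)   # Add() is $false for repeats
        }
}

if ($toAdd) {
    # Show exactly which accounts would gain the group's access.
    $toAdd | Sort-Object SamAccountName |
        Format-Table SamAccountName, Enabled, DistinguishedName -AutoSize

    # Remove -WhatIf once the list above has been reviewed.
    Add-ADGroupMember -Identity $group -Members $toAdd -WhatIf
}
else {
    Write-Output "No users to add to $($group.Name)."
}
```

The `Enabled` column is printed because `-Filter *` also returns disabled accounts; exclude them in the `Where-Object` block if they should not receive the group's permissions.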