Solved

Powershell: poll users from multiple OUs not in a specific group, and add users to group

Posted on 2016-11-01
2
38 Views
Last Modified: 2016-11-01
I'm trying to write a script that will search for any user across multiple OUs that does not belong to a specified group, and then add them to that group. Here's what I have so far.

$group = (Get-ADGroup 'group').DistinguishedName
#
#
$OUs = "OU=1,DC=domain,DC=local","OU=2,DC=domain,DC=local"
#
#
ForEach ($OU in $OUs) {Get-ADUser -Filter {-not (memberof -eq $group)} -SearchBase $OU}
#
#
ForEach-Object {Add-ADGroupMember -Identity $group -Members $_ }

With what I wrote, I receive an error "Add-ADGroupMember : Cannot validate argument on parameter 'Members'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again."

Adding a pipe to the third line creates an empty pipe element, so I'm not sure how to tie the third and fourth lines. Any suggestions?

Thanks.
0
Comment
Question by:Justin Garner
2 Comments
 
LVL 39

Accepted Solution

by:
footech earned 500 total points
ID: 41869050
It'll be more efficient to add all the members with one command, rather than adding each member individually.
$newmembers = ForEach ($OU in $OUs) { Get-ADUser -Filter {-not (memberof -eq $group)} -SearchBase $OU }
Add-ADGroupMember -Identity $group -Members $newmembers

Open in new window


If you don't want your Get-ADUser command to search child OUs, you will need to also specify the -searchscope parameter.
1
 

Author Closing Comment

by:Justin Garner
ID: 41869067
Awesome! Worked like a charm. Thank you very much.

Edit: Actually, it worked as expected with the WhatIf parameter. Executing the command returned an error:

Add-ADGroupMember : The specified account name is already a member of the group
At line:15 char:1
+ Add-ADGroupMember -Identity $group -Members $newmembers
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (CN=group,OU=groups,DC=domainDC=local:ADGroup) [Add-ADGroupMember], ADException
    + FullyQualifiedErrorId : ActiveDirectoryServer:1378,Microsoft.ActiveDirectory.Management.Commands.AddADGroupMember

It seems like perhaps the user filter isn't working?
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Microsoft Windows Server Update Service (WSUS) is free for everyone, but it lacks of some desirable features like send an e-mail to the administrator with the status of all computers on the WSUS server. This article is based on my PowerShell script …
In this previous article (https://oddytee.wordpress.com/2016/05/05/provision-new-office-365-user-and-mailbox-from-exchange-hybrid-via-powershell/), we made basic license assignments to users in O365. When I say basic, the method is the simplest way …
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question