Solved

Powershell: poll users from multiple OUs not in a specific group, and add users to group

Posted on 2016-11-01
2
28 Views
Last Modified: 2016-11-01
I'm trying to write a script that will search for any user across multiple OUs that does not belong to a specified group, and then add them to that group. Here's what I have so far.

$group = (Get-ADGroup 'group').DistinguishedName
#
#
$OUs = "OU=1,DC=domain,DC=local","OU=2,DC=domain,DC=local"
#
#
ForEach ($OU in $OUs) {Get-ADUser -Filter {-not (memberof -eq $group)} -SearchBase $OU}
#
#
ForEach-Object {Add-ADGroupMember -Identity $group -Members $_ }

With what I wrote, I receive an error "Add-ADGroupMember : Cannot validate argument on parameter 'Members'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again."

Adding a pipe to the third line creates an empty pipe element, so I'm not sure how to tie the third and fourth lines. Any suggestions?

Thanks.
0
Comment
Question by:Justin Garner
2 Comments
 
LVL 39

Accepted Solution

by:
footech earned 500 total points
ID: 41869050
It'll be more efficient to add all the members with one command, rather than adding each member individually.
$newmembers = ForEach ($OU in $OUs) { Get-ADUser -Filter {-not (memberof -eq $group)} -SearchBase $OU }
Add-ADGroupMember -Identity $group -Members $newmembers

Open in new window


If you don't want your Get-ADUser command to search child OUs, you will need to also specify the -searchscope parameter.
1
 

Author Closing Comment

by:Justin Garner
ID: 41869067
Awesome! Worked like a charm. Thank you very much.

Edit: Actually, it worked as expected with the WhatIf parameter. Executing the command returned an error:

Add-ADGroupMember : The specified account name is already a member of the group
At line:15 char:1
+ Add-ADGroupMember -Identity $group -Members $newmembers
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (CN=group,OU=groups,DC=domainDC=local:ADGroup) [Add-ADGroupMember], ADException
    + FullyQualifiedErrorId : ActiveDirectoryServer:1378,Microsoft.ActiveDirectory.Management.Commands.AddADGroupMember

It seems like perhaps the user filter isn't working?
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Configurire Storage Pool via Powershell 8 35
sccm client without collection 1 40
Powershell knowledge 2 29
Simple Q for someone 3 17
Are you one of those front-line IT Service Desk staff fielding calls, replying to emails, all-the-while working to resolve end-user technological nightmares? I am! That's why I have put together this brief overview of tools and techniques I use in o…
Synchronize a new Active Directory domain with an existing Office 365 tenant
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now