Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 122
  • Last Modified:

Powershell: poll users from multiple OUs not in a specific group, and add users to group

I'm trying to write a script that will search for any user across multiple OUs that does not belong to a specified group, and then add them to that group. Here's what I have so far.

$group = (Get-ADGroup 'group').DistinguishedName
#
#
$OUs = "OU=1,DC=domain,DC=local","OU=2,DC=domain,DC=local"
#
#
ForEach ($OU in $OUs) {Get-ADUser -Filter {-not (memberof -eq $group)} -SearchBase $OU}
#
#
ForEach-Object {Add-ADGroupMember -Identity $group -Members $_ }

With what I wrote, I receive an error "Add-ADGroupMember : Cannot validate argument on parameter 'Members'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again."

Adding a pipe to the third line creates an empty pipe element, so I'm not sure how to tie the third and fourth lines. Any suggestions?

Thanks.
0
Justin Garner
Asked:
Justin Garner
1 Solution
 
footechCommented:
It'll be more efficient to add all the members with one command, rather than adding each member individually.
$newmembers = ForEach ($OU in $OUs) { Get-ADUser -Filter {-not (memberof -eq $group)} -SearchBase $OU }
Add-ADGroupMember -Identity $group -Members $newmembers

Open in new window


If you don't want your Get-ADUser command to search child OUs, you will need to also specify the -searchscope parameter.
1
 
Justin GarnerAuthor Commented:
Awesome! Worked like a charm. Thank you very much.

Edit: Actually, it worked as expected with the WhatIf parameter. Executing the command returned an error:

Add-ADGroupMember : The specified account name is already a member of the group
At line:15 char:1
+ Add-ADGroupMember -Identity $group -Members $newmembers
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (CN=group,OU=groups,DC=domainDC=local:ADGroup) [Add-ADGroupMember], ADException
    + FullyQualifiedErrorId : ActiveDirectoryServer:1378,Microsoft.ActiveDirectory.Management.Commands.AddADGroupMember

It seems like perhaps the user filter isn't working?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Making Bulk Changes to Active Directory

Watch this video to see how easy it is to make mass changes to Active Directory from an external text file without using complicated scripts.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now