Avatar of Darrin Crawford
Darrin Crawford
 asked on

AD Tool/Script Populate Security Groups Automatically

Looking for a simplistic tool/script to auto populate Security Group(s) in AD.

So the tool/script scans each User and if a particular Security Group(s) isn't in their Member of List, it gets populated.
Obviously need this run automatically every few days
VB ScriptWindows Server 2012Active DirectorySecurity

Avatar of undefined
Last Comment
Darrin Crawford

8/22/2022 - Mon
Chris Dent

There are a few variations on this theme you might use. It uses the MS ActiveDirectory PowerShell module. Searches for everyone who isn't in the group, and adds them.
Get-ADUser -Filter { memberOf -ne 'CN=yourgroup,OU=somewhere,DC=domain,DC=local } | ForEach-Object {
    Add-ADGroupMember -Identity yourgroup -Member $_.DistinguishedName
}

Open in new window

The search might be a bit more constrained than that of course.
ASKER CERTIFIED SOLUTION
Rajul Raj

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
Darrin Crawford

ASKER
getting multiple errors from line 16
ForEach ($Child In $arrChildren)
  # Only consider user objects.
  If ($Child.Class -eq "user")  
    # Add all users in the OU to the hash table.
    $List.Add($Child.distinguishedName, $True)
    # Check if user a member of the group.
    If ($Group.IsMember($Child.ADsPath) -eq $False)
    {
      # Add the user to the group.
      $Group.Add($Child.ADsPath)
      "Added " + $Child.distinguishedName



PS C:\Windows\system32> C:\Users\darrin.crawford\Documents\Powershell_AD_Confluence Check.ps1
At C:\Users\darrin.crawford\Documents\Powershell_AD_Confluence Check.ps1:16 char:33
+ ForEach ($Child In $arrChildren)
+                                 ~
Missing statement body in foreach loop.
At C:\Users\darrin.crawford\Documents\Powershell_AD_Confluence Check.ps1:18 char:30
+   If ($Child.Class -eq "user")
+                              ~
Missing statement block after If ( condition ).
    + CategoryInfo          : ParserError: (:) [], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : MissingForeachStatement
Chris Dent

You've stripped out "{" characters all over the place. They're not there as decoration.
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
Darrin Crawford

ASKER
Apologies, I didn't see the full script.

It is now working but has removed all users from this particular Security Group!!
SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Darrin Crawford

ASKER
ok, got it, I needed to dig down into my OUs.

Thanks for your help
Darrin Crawford

ASKER
Thanks for the prompt reponses
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.