Techibee.com

PowerShell: Add Users to Group in Active Directory

Adding a User to Group in Active Directory is simple task and matter of one liner in most cases. However, building a script that can take multiple users as input and add them to a group is not equally simple. At the same time, it is not difficult as well. In this post, I will take you through a PowerShell script that adds given list of users to a group in Active Directory.

This script assumes that your user accounts and group are in same domain and you are running the script from a server/desktop which is also part of that domain. If you have a need for adding users from other domains to a group in different domain, drop a comment in this post, I will update the script to match your requirement on best effort basis.

Ok, let us go straight to the topic. We will leverage cmdlets from ActiveDirectory PowerShell module to achieve this.  Especially Add-ADGroupMember cmdlet to perform the addition of user to group.

Copy the below code into a file called Add-ADUserToGroup.ps1 file and save it.

Code

[CmdletBinding()]
param(
    [parameter(Mandatory=$true)]
    [string[]]$UserName,
    [parameter(Mandatory=$true)]
    [string]$GroupName
)

Import-Module ActiveDirectory
try {
    $GroupObj = Get-ADGroup -identity $GroupName -EA stop
} catch {
    Write-Warning "$GroupName : Group not found in Active Directory1"
    return
}

foreach($userid in $UserName){
    try {
        $userobj = Get-ADUser -identity $userid.trim() -EA 0
        if(!$userobj) {
            Write-Warning "$userid : This account is not found"
            continue
        }
        Add-ADGroupMember -identity $GroupObj -Members $userobj -EA 0
        Write-host "$userid : Successfully added to $GroupName" -ForegroundColor Green
    } catch {
        Write-Warning "$userid : Failed to add to the group"
    }
}

Usage instructions:

Using the script is easy. It takes 2 mandatory parameters.

  1. UserName : List of User names that you want to add it. This is same as user login ID(SamAccountName). You can provide single user name or multiple user names.
  2. GroupName: Name of the AD group to which you want to add the users.

Now let us see some usage scenarios. Throughout these examples we will use a group named “Sales Team Us” to perform the additions.

Add a single user to group:

Let us say you want to add user named labuser1000 into the Sales Team US group, use the below command.

Add-ADUserToGroup.ps1 -UserName labuser100 -GroupName "Sales Team US"

Add multiple users to group:

Let us say you want to add users names labuser100,labuser101 and labuser203 to Sales Team US group, then use the below command.

Add-ADUserToGroup.ps1 -UserName labuser100,labuser101,labuser203,nosuchuser -GroupName "Sales Team US"

Add users from text file to group:

In case you have a set of users which you have a text file(one user name per line) and you want to add them to Sales Team US group, then use the below commands. As you can see we are first reading the user names from text file into a variable called $users and then passing it to the script.

$users = Get-Content C:\users.txt
Add-ADUserToGroup.ps1 -UserName $users -GroupName "Sales Team US"

Any other use case you have in mind? Write in comments section.

Exit mobile version