Just a short post to demonstrate an easy method to bulk add objects to a security group in Active Directory using only one line of PowerShell.
To do this we’ll just need the following prerequisites:
- PowerShell (in case you’re using a pre-Win7/2008R2 platform), a free download from Microsoft here.
- Quest Powertools Active Directory Plugins, now called ‘Quest ActiveRoles Management Shell’. Also a free download, no Quest products are required for this and they can be found on the Quest site here.
Install the above. This may seem a little laborious for such a simple task, but these components are an enabler for a whole host of other Active Directory management scripts. Once installed, alter the security policy of the computer to allow unsigned scripts to be executed* and load the Quest AD cmdlets:
Set-ExecutionPolicy Unrestricted
Add-PSSnapin Quest.ActiveRoles.ADManagement
Next, prepare a text file (CSV) with a list of sAMAccountName values for the users within your domain that you want to add to a security group. In this instance it doesn’t matter if there are any commas in the file since we are only using one column of values; just ensure each username entry is on a new line.
Finally, import the list of users from the CSV file with the following line of PowerShell in the PowerShell console, swapping out ‘filename.csv’ with the name of your file and ‘GS-GroupName’ with the security group you wish to add users to:
Get-Content filename.csv | Add-QADGroupMember "GS-GroupName"
PowerShell should return a list of the users added to the security group.
* For those with a high regard for security, it is generally not advised to allow unsigned scripts to run on your computer or server; however, PowerShell security is beyond the scope of this article. You can set the security policy back to AllSigned once you are done with the following command:
Set-ExecutionPolicy AllSigned
More information for those new to PowerShell can be found in this article on MS TechNet.
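An added example (not from the original post or from Quest) of the same bulk add with two safeguards: the execution-policy change is scoped to the current session only, and each line must resolve to exactly one user account before it is added. The function name `Add-ValidatedGroupMember`, the `-Apply` switch and the file `group-add-audit.csv` are hypothetical; it assumes the Quest snap-in is installed and the console is on a domain-joined machine.

```powershell
# Added example, not the author's code. Paste into the PowerShell console.
# -Scope Process limits the policy change to this session; it ends when the window closes.
Set-ExecutionPolicy Unrestricted -Scope Process -Force
Add-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction Stop

function Add-ValidatedGroupMember {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)][string]$ListPath,
        [Parameter(Mandatory = $true)][string]$GroupName,
        [switch]$Apply   # without -Apply nothing is changed; the function only reports
    )
    # Strip whitespace and stray commas from a CSV export, drop blank lines and duplicates.
    $names = Get-Content $ListPath |
        ForEach-Object { $_.Trim([char[]]" ,`t") } |
        Where-Object { $_ } |
        Sort-Object -Unique

    foreach ($name in $names) {
        # Look the name up as a user account; ask for at most two hits so that
        # "no match" and "more than one match" can be told apart from "exactly one".
        $found = @(Get-QADUser -SamAccountName $name -SizeLimit 2)
        if ($found.Count -eq 0)     { $status = 'not-found' }
        elseif ($found.Count -gt 1) { $status = 'ambiguous' }
        elseif (-not $Apply)        { $status = 'dry-run' }
        else {
            try {
                # Add by distinguished name so the group change is unambiguous.
                Add-QADGroupMember -Identity $GroupName -Member $found[0].DN -ErrorAction Stop | Out-Null
                $status = 'added'
            } catch {
                $status = "error: $($_.Exception.Message)"
            }
        }
        # One audit record per input line, whether or not it was added.
        New-Object PSObject -Property @{
            Time = (Get-Date -Format s); Operator = $env:USERNAME
            Group = $GroupName; Name = $name; Status = $status
        }
    }
}

# Review the dry run first, then repeat with -Apply and keep the audit file.
Add-ValidatedGroupMember -ListPath filename.csv -GroupName 'GS-GroupName' |
    Export-Csv group-add-audit.csv -NoTypeInformation
```

Lines that come back as `not-found` or `ambiguous` are skipped rather than guessed at, so the audit file doubles as the list of entries to correct by hand.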
January 23, 2012 at 9:48 pm
Pretty helpful info. Just wondering. Is there a way perhaps to have a CSV file with both sAMAccountname & memberOf data in one sheet, and running a similar command to have PowerShell import all users into the groups referred to within the memberOf tab?
I got for example 242 users who each have an average of 70 member groups, totalling 18k groups total. This is inherited from a current infrastructure. Client is migrating away from parent company, but needs to retain all this chaos, as it is too hard to fix right now. Problem is importing the current data from the old domain into new domain. Having to run the above command 18.000 times manually is simply not a desired option.
April 2, 2012 at 3:11 pm
I used this approach to load servers into a security group for patching but using:
get-content c:\posh\patching\sms_cycle2_wed_netb.txt | add-qadgroupmember "sms_cycle2_wed"
generated an error on some servers
Add-QADGroupMember : Ambiguous identity: .
I needed to use this:
get-content c:\posh\patching\sms_cycle2_wed_netb.txt | foreach-object { get-qadcomputer $_ | add-qadgroupmember -Identity sms_cycle2_wed }
And then it worked like a charm.
September 24, 2013 at 5:00 pm
Worked perfectly
April 16, 2012 at 11:22 am
New to PowerShell so still learning, but in order for the above to work would I need to run it from the domain that houses the Active Directory or can I run this from my machine?
Thanks
April 23, 2012 at 7:16 pm
Hi Doug
The machine you run it from will need to be on the domain and the user account you’re running under must have suitable permissions within Active Directory.
May 28, 2012 at 9:38 am
Very useful.. Try it..
http://gallery.technet.microsoft.com/New-User-Creation-tool-14fa73cd/view/Discussions