The Sysadmins

Tips and tricks from the Sysadmins

Bulk Add Users to an AD Security Group from a CSV

Just a short post to demonstrate an easy method to bulk add objects to a security group in Active Directory using only one line of PowerShell.

To do this we’ll just need the following prerequisites:

  • PowerShell (in case you’re using a pre-Win7/2008R2 platform), a free download from Microsoft here.
  • Quest Powertools Active Directory Plugins, now called ‘Quest ActiveRoles Management Shell’. Also a free download; no Quest products are required for this, and it can be found on the Quest site here.

Install the above. This may seem a little laborious for such a simple task, but these components are an enabler for a whole host of other Active Directory management scripts. Once installed, alter the PowerShell execution policy of the computer to allow unsigned scripts to be executed* and load the Quest AD cmdlets:

Set-ExecutionPolicy Unrestricted

Add-PSSnapin Quest.ActiveRoles.ADManagement

Next, prepare a text file (CSV) with a list of sAMAccountName values for the users within your domain that you want to add to a security group. In this instance it doesn’t matter if there are any commas in the file, since we are only using one column of values; just ensure each username entry is on a new line.

Finally, import the list of users from the CSV file with the following line of PowerShell in the PowerShell console, swapping out ‘filename.csv’ with the name of your file and ‘GS-GroupName’ with the security group you wish to add users to:

Get-Content filename.csv | Add-QADGroupMember "GS-GroupName"

PowerShell should return a list of the users added to the security group like so:

* For those with a high regard for security: it is generally not advised to allow unsigned scripts to run on your computer or server; however, PowerShell security is beyond the scope of this article. Once you are done, you can set the execution policy back to AllSigned with the following command:

Set-ExecutionPolicy AllSigned

More information for those new to PowerShell can be found in this article on MS TechNet.
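The one-liner above adds whatever the file contains, so a stray or mistyped entry goes straight into the group. The script below is an added example, not code from the original post: it resolves each line to exactly one user object before changing membership, defaults to a dry run, and writes a log of the result. The parameter names ($Path, $Group, $Apply) and the log file name are assumptions made for illustration.

```powershell
# Added example, not from the original post. Requires the Quest ActiveRoles
# Management Shell. Parameter names and the log file name are assumptions.
param(
    [string]$Path  = 'filename.csv',   # one sAMAccountName per line
    [string]$Group = 'GS-GroupName',
    [switch]$Apply                     # without -Apply nothing is changed
)

if (-not (Get-PSSnapin Quest.ActiveRoles.ADManagement -ErrorAction SilentlyContinue)) {
    Add-PSSnapin Quest.ActiveRoles.ADManagement
}

# Resolve the target group once; stop if the name is missing or ambiguous.
$target = @(Get-QADGroup -Identity $Group)
if ($target.Count -ne 1) { throw "Group '$Group' resolved to $($target.Count) objects" }

# Normalise the list: strip stray commas and quotes, drop blanks and duplicates.
$names = Get-Content $Path |
    ForEach-Object { ($_ -replace '[,"]', '').Trim() } |
    Where-Object { $_ } |
    Sort-Object -Unique

$results = foreach ($name in $names) {
    # Look up user objects only and insist on one exact sAMAccountName match,
    # so a wildcard or a similarly named object is never added by accident.
    $hits = @(Get-QADUser -SamAccountName $name)
    if     ($hits.Count -eq 0) { $status = 'NotFound' }
    elseif ($hits.Count -gt 1 -or $hits[0].SamAccountName -ne $name) { $status = 'Ambiguous' }
    else   { $status = 'Resolved' }

    if ($Apply -and $status -eq 'Resolved') {
        try {
            Add-QADGroupMember -Identity $target[0].DN -Member $hits[0].DN -ErrorAction Stop | Out-Null
            $status = 'Added'
        } catch {
            $status = "Failed: $($_.Exception.Message)"
        }
    }
    New-Object PSObject -Property @{ Time = Get-Date; Name = $name; Status = $status }
}

# Keep a record of what was requested and what happened, for change review.
$log = 'membership-{0:yyyyMMdd-HHmmss}.csv' -f (Get-Date)
$results | Select-Object Time, Name, Status | Export-Csv $log -NoTypeInformation
$results | Group-Object Status | Select-Object Name, Count
```

Run it once without -Apply and review the log for NotFound or Ambiguous entries before repeating with -Apply.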

6 Comments

  1. Pretty helpful info. Just wondering: is there a way perhaps to have a CSV file with both sAMAccountName & memberOf data in one sheet, and running a similar command to have PowerShell import all users into the groups referred to within the memberOf tab?

    I got for example 242 users who each have an average of 70 member groups, totalling 18k groups total. This is inherited from a current infrastructure. Client is migrating away from parent company, but needs to retain all this chaos, as it is too hard to fix right now. Problem is importing the current data from the old domain into new domain. Having to run the above command 18.000 times manually is simply not a desired option.

  2. David Carriere

    April 2, 2012 at 3:11 pm

    I used this approach to load servers into a security group for patching but using:

    get-content c:\posh\patching\sms_cycle2_wed_netb.txt | add-qadgroupmember "sms_cycle2_wed"

    generated an error on some servers
    Add-QADGroupMember : Ambiguous identity: .

    I needed to use this:

    get-content c:\posh\patching\sms_cycle2_wed_netb.txt | foreach-object { get-qadcomputer $_ | add-qadgroupmember -Identity sms_cycle2_wed }

    And then it worked like a charm.

  3. New to PowerShell so still learning, but in order for the above to work would I need to run it from the domain that houses the Active Directory or can I run this from my machine?
    Thanks

    • Tom@thesysadmins.co.uk

      April 23, 2012 at 7:16 pm

      Hi Doug

      The machine you run it from will need to be on the domain and the user account you’re running under must have suitable permissions within Active Directory.
