Just a short post to demonstrate an easy method to bulk add objects to a security group in Active Directory using only one line of power shell.

To do this we’ll just need the following prerequisites:

  • PowerShell (In case you’re using a pre Win7/2008R2 platform), free download from Microsoft here.
  • Quest Powertools Active Directory Plugins, now called ‘Quest ActiveRoles Management Shell’.¬†Also a free download, no Quest products are required for this and they can be found on the Quest site here.

Install the above, this may seem a little laborious to achieve such a simple task, however the above components are an enabler for a whole host of other Active Directory management scripts. Once installed, alter the security policy of the computer to allow unsigned scripts to be executed* and install the Quest AD commandlets..

set-executionpolicy unrestricted

add-PSSnapin quest.activeroles.admanagement

Next, prepare a text file (CSV) with a list of SAMaccountname values for users within your domain you want to add to a security group. In this instance it doesn’t matter if there are any commas in the file since we are only using one column of values, ensure each username entry is on a new line.

Finally, simply import the list of users from the CSV file with the following line of PowerShell script in the PowerShell console, swapping out ‘filename.csv’ with the name of your file and ‘GS-GroupName’ with the security group you wish to add users to..

Get-Content filename.csv | Add-QADGroupMember “GS-GroupName”

PowerShell should return a list of the users added to the security group like so:

* For those with a high regard for security, it is generally not advised to allow unsigned scripts to run on your computer or server, however PowerShell security is beyond the scope of this article. You can set the security policy back to AllSigned once you are done with the following command..

Set-ExecutionPolicy AllSigned

More information for those new to PowerShell can be found on this article on MS TechNet.