Adding Multiple Users to a Group in Active Directory Using PowerShell and CSV

Today I picked up a request from an owner of a shared drive asking for a list of her colleagues to be given access to the drive. This required finding the right group in Active Directory and making each person a member of the group.

With a total of 25 people in the list I knocked up a PowerShell script to make things a little easier for myself. The idea was to import a list of login IDs (samAccountNames) from a CSV file and add them to the required group programmatically.

I started with a simple CSV file in Excel as below:

[Screenshot: csv-addmultipleusers]

And the script itself is only a few lines of code:

# Import the Active Directory module for running AD cmdlets
Import-Module ActiveDirectory

# Store the data from UserList.csv in the $List variable
$List = Import-Csv .\UserList.csv

# Loop through each user in the CSV
ForEach ($User in $List)
{
    # Add the user to the TestGroup1 group in AD
    # (-Members is the full parameter name; "username" is the CSV column header)
    Add-ADGroupMember -Identity TestGroup1 -Members $User.username
}

It was only after I tried running the script that I realised that PowerShell wasn’t installed on that particular server. The principle of “Least Privilege” came to mind and I thought it’s probably for the best for security purposes.

So in the end I added the users to the group in batches of 5 by separating the samAccountNames using semicolons as shown below:

[Screenshot: multipleuser-semicolon]

Having written the script, I didn’t want it to go to waste, hence this post :)

PS. I tested the script in my own lab at home and it works just fine
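A variant of the script above that trims each CSV value, resolves the account before touching the group, skips accounts that are already direct members, and writes every decision to a log. This is an added example, not the author's script: UserList.csv, the username column and TestGroup1 come from the post, while the parameter names and the log file path are assumptions.

```powershell
# Added example (not the author's script). Assumes the post's UserList.csv with a
# "username" column; parameter names and the log path are hypothetical.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$CsvPath   = '.\UserList.csv',
    [string]$GroupName = 'TestGroup1',
    [string]$LogPath   = '.\AddGroupMembers.log'   # hypothetical log location
)

Import-Module ActiveDirectory -ErrorAction Stop

# Fail early if the group itself cannot be resolved
$group = Get-ADGroup -Identity $GroupName -ErrorAction Stop

$results = foreach ($row in Import-Csv -Path $CsvPath) {
    # Trim stray whitespace from the CSV cell before using it as an identity
    $name = "$($row.username)".Trim()
    if (-not $name) { continue }

    $status = 'Added'
    try {
        # Resolve the account first so a typo is logged instead of aborting the run
        $user = Get-ADUser -Identity $name -Properties MemberOf -ErrorAction Stop
        if ($user.MemberOf -contains $group.DistinguishedName) {
            $status = 'AlreadyMember'          # direct membership only
        }
        elseif ($PSCmdlet.ShouldProcess($user.SamAccountName, "Add to $($group.Name)")) {
            Add-ADGroupMember -Identity $group -Members $user -ErrorAction Stop
        }
        else {
            $status = 'WhatIf'                 # dry run, nothing changed
        }
    }
    catch {
        $status = "Failed: $($_.Exception.Message)"
    }

    [pscustomobject]@{
        Time   = (Get-Date).ToString('s')
        Group  = $group.Name
        User   = $name
        Status = $status
    }
}

# Append an audit trail of every decision (written even during a -WhatIf run)
$results | Export-Csv -Path $LogPath -NoTypeInformation -Append -WhatIf:$false
$results | Format-Table -AutoSize
```

Saved as a script file, it accepts -WhatIf for a dry run, so the log can be reviewed with the drive owner before any membership changes are made.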


15 thoughts on “Adding Multiple Users to a Group in Active Directory Using PowerShell and CSV”

    • Wow! Didn’t know you still visited my blog. Thanks for commenting.

      I’m actually working to improve this to check if the user accounts exist in AD first and then report this in a log file.

  1. # Error Get-ADGroupMember : Cannot find an object with identity: ‘ROLE’ under: ‘DC=xxxxx,DC=net’.
    using

    #if (Get-ADGroup -Identity $GroupAD)

    OK using
    if (Get-ADGroup -Identity $GroupAD -Server $ServerAD)

    Environment: 2 domains.. ADForest

  2. I get an error that it can’t find the user.

    Add-ADGroupMember : Cannot find an object with identity: ‘jdoe ‘ under: ‘DC=XXXX,DC=local’.

    My users are in a non-standard OU a few levels deep. Is there something I need to do in order to tell the script where they are? My CSV is constructed like yours–Username and then a list of the samaccount names.

    • Sounds like you’re possibly passing jdoe as the name of the group – make sure you don’t have the name of the group and usernames the wrong way around.

      Add-ADGroupMember -Identity ENTER-GROUP-NAME-HERE -Members $User.username

      Enter the name of the security group after -identity

  3. I can’t even get this to work. For one -Member isn’t relevant, it should be -Members but I can’t tell where .username is supposed to come from.

  4. Try this, it works perfectly:

    # Name of the target group
    $grp = 'GIT_GS_AMU_Windows7_Object'

    Import-Module ActiveDirectory
    # One samAccountName per line
    $comps = Get-Content names.txt

    $grpDN = (Get-ADGroup $grp).DistinguishedName

    foreach ($comp in $comps)
    {
        # Look up the user object, then add it to the group
        $dns = Get-ADUser $comp
        $b = $dns.DistinguishedName
        Add-ADGroupMember -Identity $grpDN -Members $dns
    }

  5. Nice! Thank you, this made my current task a lot easier. And if you want to Remove a list of users from the same group, I found that the following works a treat as well:

    #Import active directory module for running AD cmdlets
    Import-module ActiveDirectory

    #Store the data from user.csv in the $List variable
    $List = Import-CSV .\user.csv

    #Loop through user in the CSV
    ForEach ($User in $List)
    {

    #Remove the user from the SecurityGroup group in AD
    Remove-ADGroupMember -Identity SecurityGroup -Members $User.username -Confirm:$false
    }

    The “-Confirm:$false” will prevent the script from prompting you to confirm each time it goes to remove a user, very useful when dealing with a very large list of user accounts.

  6. I came here looking for a solution. I had all the member’s emails in an Excel doc column. I ended up copying and pasting them into a text application, then added “; ” between each member. I then copy and pasted the whole string into ADUC, into the group’s “Enter the object names to select” field, then selected the “Check Names” button and it worked.
