SOLVED

add computers to security group automatically


I would like to add computers in AD with names that start with desktop to a security group: testgroup.

We would like to run this PowerShell command through scheduled tasks every week, so that if someone forgets to add the computer to the security group it will be done. Every computer with name desktop must be added to that group.

 

I have the following:

Get-ADComputer -Filter 'Name -like "desktop*"' -properties displayname | add-adgroupmember -identity "testgroup"

 

When I run this it asks for a members(0)

 

How can we accomplish this?

I would like to first test it with desktop1 instead of *.

12 Replies

@Surfer10 

Use the following

(Get-ADComputer -Filter 'Name -like "Desktop*"' -properties displayname).foreach{add-adgroupmember -identity "MyADGROUP" -Members $_.SamAccountName}

 

Please remember that computer objects should have $ at their end, otherwise they will be considered AD user accounts.

 

 


 

@farismalaeb 

 

Hi, this is what I get:

 

 

Method invocation failed because [Microsoft.ActiveDirectory.Management.ADComputer] does not contain a method named 'foreach'.
At line:1 char:1
+ (Get-ADComputer -Filter 'Name -like "desktop1*"' -properties displayname ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (foreach:String) [], RuntimeException
+ FullyQualifiedErrorId : MethodNotFound

 

 

Must there be a $ at desktop1$?

@Surfer10 

When I put $ behind the computer name the error does not appear, but it also does not add the computer to the security group; just tested with "desktop1$".

When I do this:

Get-ADComputer -Filter 'Name -like "desktop1"' -properties displayname

 

The properties of the computer appear, so that's okay.

 

 

@Surfer10

It seems that you are using an old version of PowerShell.

Try this

$AllPC=Get-ADComputer -Filter 'Name -like "Desktop*"' -properties displayname

foreach($SinglePC in $AllPC){
add-adgroupmember -identity "MyADGROUP" -Members $SinglePC.SamAccountName
}

@farismalaeb 

 

I think it is version on a Windows Server 2012 and the version on my Windows 10 client is 5 I believe, which comes standard with Windows 10.

On both PowerShell versions the last one is also not working; it gives no error but it does nothing. I hope you have some more suggestions:

 

$AllPC=Get-ADComputer -Filter 'Name -like "desktop1"' -properties displayname

foreach($SinglePC in $AllPC){
add-adgroupmember -identity "testgroup" -Members $SinglePC.SamAccountName
}

best response confirmed by Surfer10 (Copper Contributor)
Solution

@Surfer10 

Did you add the * after the desktop1?

Try this small change:

$AllPC=Get-ADComputer -Filter 'SamAccountName -like "desktop*"'

Yes thank you now it works! @farismalaeb 

Hi, do you know which version I need for the other commands to work? Is that PowerShell version 7?

 

 

Now that the script works, is there also a way to exclude some names with DESKTOPNR?

I would like to run this command every week so that computers which are not a member of the testgroup will be added as member, but there are 10 computers with the name desktop111, desktop112, desktop250 and so 10 total.

 

Is it possible to exclude these, these 10 computers must be added to another group: prodgroup.

@Surfer10 

It's PowerShell and everything is doable, but first you need to think about it.

Logically, what is the common thing between these computer objects? Build the filter based on that.

I would suggest updating a computer object attribute or custom attribute, then excluding the objects with that attribute from the query.
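An added example (not code from any poster in this thread) that combines the working filter with the exclusion request: computers named desktop* go to testgroup unless their name is on an exception list, in which case they go to prodgroup. The exception list, the optional -SearchBase parameter and the log line format are assumptions; the script only adds members and never removes any.

```powershell
#Requires -Modules ActiveDirectory
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]   $DefaultGroup   = 'testgroup',
    [string]   $ExceptionGroup = 'prodgroup',
    # Names mentioned in the thread; extend with the rest of the ten machines.
    [string[]] $ExceptionNames = @('desktop111', 'desktop112', 'desktop250'),
    # Assumption: optional OU that limits the search (placeholder DN, e.g.
    # 'OU=Workstations,DC=example,DC=com') so only accounts in that OU qualify.
    [string]   $SearchBase
)

# Same filter as the accepted answer, optionally scoped to one OU.
$query = @{ Filter = 'SamAccountName -like "desktop*"' }
if ($SearchBase) { $query.SearchBase = $SearchBase }
$computers = @(Get-ADComputer @query)

# Split on exact name match (-in / -notin compare case-insensitively).
$wanted = @{
    $ExceptionGroup = @($computers | Where-Object { $_.Name -in $ExceptionNames })
    $DefaultGroup   = @($computers | Where-Object { $_.Name -notin $ExceptionNames })
}

foreach ($group in $wanted.Keys) {
    # Current members as distinguished names, read from the group's member attribute.
    $current = @((Get-ADGroup -Identity $group -Properties Member).Member)

    foreach ($pc in $wanted[$group]) {
        # Skip existing members so the weekly run only touches what is missing.
        if ($pc.DistinguishedName -in $current) { continue }

        # Passing the ADComputer object avoids any confusion over the trailing $.
        Add-ADGroupMember -Identity $group -Members $pc -WhatIf:$WhatIfPreference

        if (-not $WhatIfPreference) {
            # One line per change, so the scheduled task output doubles as an audit trail.
            Write-Output ('{0:s} added {1} to {2}' -f (Get-Date), $pc.SamAccountName, $group)
        }
    }
}
```

Running it once with -WhatIf shows the planned additions before it is registered as the weekly scheduled task.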

 

 

ADD-ADGroupMember -identity "NAME OF YOUR GROUP" -members "$env:computername$"

Comments:
The "" can be taken literally
“$env:computername$” = this is a variable that will add the Computer that the script is running on to your specified Group