Assigning groups to AD user.


Hello everyone,

I have the following situation:

In my work we are always hiring people and depending on their position they may be assigned to different groups.

So the process of creating users and assigning them to groups has become a nightmare because my team always gets it wrong, so I either have to add or remove a group.

So it occurred to me to create a kind of template to make sure that when they create a user for a specific area they put the groups that correspond; however, they have still been wrong. So it occurred to me that it might be possible to create that template in files and assign the groups to the user through a PowerShell script. Is that possible?

Thank you in advance,

2 Replies

@ADumith You could use something like:

 

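    # Prompt for the account to modify
    $user = Read-Host "Enter SamAccountName"

    # Add the user to every group listed in the file (one group name per line)
    foreach ($group in Get-Content c:\data\groups.txt) {
        Add-ADGroupMember -Identity $group -Members $user
    }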

 

This will prompt for a username and add all the groups from the groups.txt file to that user.

Don't use templates, but build a proper security matrix.

If you have a security matrix you can also consider using an identity provisioning system like Microsoft Identity Manager (free when M365 E5 licenses are present) or a tool like Adaxes or HelloID.

Otherwise train the engineer that is creating users.

It all starts with input and a proper security index. Don't try to solve human error with a script, because that is endless.
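
The first reply's loop combined with the security matrix the second reply asks for, as an added example that is not part of either post: the role-to-group mapping is kept as data, the user and every group are validated before anything changes, only missing memberships are added, and memberships outside the role are reported for review. The role names, group names and parameter names are constructed for illustration.

```powershell
#Requires -Modules ActiveDirectory
[CmdletBinding(SupportsShouldProcess)]
param(
    [Parameter(Mandatory)][string]$SamAccountName,
    [Parameter(Mandatory)][string]$Role
)

# Treat every error as fatal so a failed lookup never leads to a partial change.
$ErrorActionPreference = 'Stop'

# Constructed sample matrix: one row per role/group pair. In practice keep this
# in a reviewed, access-controlled CSV file and load it with Import-Csv.
$matrix = @'
Role,Group
Finance,GRP-Finance-Share
Finance,GRP-ERP-Users
Helpdesk,GRP-Helpdesk-Tools
'@ | ConvertFrom-Csv

$wanted = @($matrix | Where-Object Role -eq $Role | Select-Object -ExpandProperty Group)
if (-not $wanted) { throw "Role '$Role' is not defined in the matrix." }

# Resolve the user and every listed group before changing anything.
$user   = Get-ADUser -Identity $SamAccountName -Properties MemberOf
$groups = foreach ($name in $wanted) { Get-ADGroup -Identity $name }

# Add only the memberships that are missing (MemberOf holds group DNs).
foreach ($g in $groups) {
    if ($user.MemberOf -notcontains $g.DistinguishedName) {
        if ($PSCmdlet.ShouldProcess($g.Name, "Add $SamAccountName")) {
            Add-ADGroupMember -Identity $g -Members $user
        }
    }
}

# Report direct memberships the role does not grant. The script never removes
# them; a person decides. MemberOf does not list the primary group.
$extra = $user.MemberOf | Where-Object { $groups.DistinguishedName -notcontains $_ }
foreach ($dn in $extra) { Write-Warning "Not in matrix for '$Role': $dn" }
```

Running it with `-WhatIf` first shows the planned additions without touching the directory.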