Adding AD users to a specific security group
Hi Everyone, Sorry if this question has already been asked as I couldn't find an answer. I’m trying to write a PowerShell script that runs as a scheduled task to add AD users to a specific AD security group. The goal is for this to run daily. The script will first check the users' OU to determine if they are already members of the security group. If they are, it will skip them; if they are not members, it will add them to the group. I have created the following script, but I’m unsure if it's the best approach. Additionally, can this script be executed on a server that doesn’t have Active Directory installed? If AD must be installed, would it be ideal to run it on a Domain Controller? # Check if Active Directory module is already imported, import only if necessary if (-not (Get-Module -Name ActiveDirectory)) { Import-Module ActiveDirectory } # Define the base OU and security group $BaseOU = "OU=W11_USERS,DC=W11,DC=NET" $SecurityGroup = "HR" # Get all users from W11_USERS and its sub-OUs $Users = Get-ADUser -SearchBase $BaseOU -SearchScope Subtree -Filter * # Loop through each user and check group membership before adding foreach ($User in $Users) { $UserDN = $User.DistinguishedName # Check if user is already a member of HR $IsMember = Get-ADGroupMember -Identity $SecurityGroup | Where-Object { $_.DistinguishedName -eq $UserDN } if (-not $IsMember) { Try { Add-ADGroupMember -Identity $SecurityGroup -Members $User -ErrorAction Stop Write-Host "Added $($User.SamAccountName) to $SecurityGroup" -ForegroundColor Green } Catch { Write-Host "Failed to add $($User.SamAccountName): $_" -ForegroundColor Red } } else { Write-Host "$($User.SamAccountName) is already a member of $SecurityGroup" -ForegroundColor Yellow } } Write-Host "User addition process completed."
Get users from CSV, foreach user, get country, name, etc., then Export
Hi! I have a problem with PS query. I have a CSV file with +1000 userprincipalname. Id like to export that UPN and for each user get info like userprincipalname, title, country, department, enabled, then export to excel. My example queries: $csv = gc "C:\New folder\Users.csv" $Users=@() $csv | Foreach{ $elements=$_ -split(";") $Users+= ,@($elements[0]) } ForEach ($User in $Users) { Get-ADUser -filter "userPrincipalName -eq '$User'" -Properties * | Select-Object userprincipalname, title, country, department, enabled } OR $Users = Get-contect -path "C:\New folder\Users.csv" ForEach ($User in $Users) { Get-ADUser -filter "userPrincipalName -eq '$User'" -Properties * | Select-Object userprincipalname, title, country, department, enabled } OR $Users = Get-contect -path "C:\New folder\Users.csv" ForEach ($User in $Users) { Get-ADUser -filter $User -Properties * | Select-Object userprincipalname, title, country, department, enabled } My excel has UPN only, like: email address removed for privacy reasons email address removed for privacy reasons etc. No headers. Someone will help? 😞Help with PS script for computers in AD onprem
Hi guys, I want to automate a task by adding new computers to the domain. By default, they appear in Computers OU and we have different OUs per office and computers. My idea is a script to run every 20 min as scheduled tasks which will check for new computers in the computers OU and then move computers to specific OU based on the name of the PC. For example, when a computer name begins with BN1-N- then it will be moved to Notebooks OU in BN1 OU, when computer name begins with KN1-W- then it will be moved to Workstations OU in KN1 OU and so on. All solutions were related to Identity with specific computer name. Is it possible to be done? Thanks
Assigning groups to AD user.
Hello everyone, I have the following situation: In my work we are always hiring people and depending on their position they may be assigned to different groups. So the process of creating users and assigning them to groups has become a nightmare because my team always gets it wrong, so I either have to add or remove a group. So it occurred to me to create a kind of template to make sure that when they create a user for a specific area they put the groups that corresponds, however still have been wrong, so it occurred to me that it might be possible to create that template in files and through a PowerShell script assign the groups to the user, is that possible? Thank you in advance,