[Solved]Adding users into groups from CSV file

This topic contains 10 replies, has 4 voices, and was last updated by  Lev Leiderman 2 months ago.

  • Author
    Posts
  • #97037

    Lev Leiderman
    Participant

    Hi guys,
    maby i define the quastion in wrong way so, i'm sorry for that.

    i have a script which is creating users from a CSV file, in that same CSV file i have a header which named "groups"
    for each user i've written the groups that it need to be joined, using the "Add-ADPrincipalGroupMembership" which is supposed to be used for adding one user for multiple groups.

    It working great when i use it for indevidual user that's mean for me that my syntax is correct, but i'm missing something and here is where i need your help

    now here is my quastion:

    1) Do i need to creat indevidual geader for each group in the CSV file? or there is a way to make the
    "Add-ADPrincipalGroupMembership" CmdLet to read all the comma seporated groups? (if i think about that in the Power Shell way, i'll guess that i need to creat each header for each group?)

    i'm adding my code and the CSV headers for better understanding:

    Headers from the CSV file:
    "First Name, Last Name, SamAccountName, UserPrincipalName, DisplayName, Job Title, Department, Description, Path, ScriptPath, Groups"

    Groups under the appropriate
    the groups written like that in each raw under the "Groups" header: "VPN,NY branch,HR,Terminal Server Users"

    here is my code

    cls
    #get the csv file
    $filepath = import-csv "C:\users.csv"
    
    #set the variable for the uers
    $newusers = $filepath
    
    #set Passwords for new users 
    
    $securepassword = ConvertTo-SecureString "blahblah" -AsPlainText -Force
    
    #start the loop for adding users
    
    foreach ($user in $newusers) {
    
    
    #get user information
    
    $firstname = $user.'First Name'.Trim()
    $lastname = $user.'Last Name'.Trim()
    $loginname= $user.SamAccountName
    $UsrPrincipalName = $user.UserPrincipalName
    $jobtitle = $user.'Job Title'
    $Department= $user.Department
    $Description = $user.Description
    $OuPath= $user.Path
    $LoginScript=$user.ScriptPath
    $displayname= $user.DisplayName
    $group = $user.Groups
    
    
    #creat the users in active directory
    
    New-ADUser -PassThru -Name "$firstname $lastname" -GivenName $firstname `
     `
     -Surname $lastname  -UserPrincipalName $UsrPrincipalName `
     `
     -SamAccountName $loginname -Path $OuPath -ScriptPath $LoginScript  `
     `
     -AccountPassword $securepassword -ChangePasswordAtLogon $false  `
     `
     -Department $Department -DisplayName $displayname `
     `
     -Description $Description -Title $jobtitle  -Enabled $true  
    
    
     Add-ADPrincipalGroupMembership -Identity $user.SamAccountName -MemberOf $user.Groups
    
     
    Write-Host "`n"
    Write-Host "The account for $firstname $lastname created in $OuPath successfully"
    
    }
    

    Thanks alot for your help

    the CSV file:
    in this link you have a picture of the csv sample
    CSV file

  • #97038

    Don Jones
    Keymaster

    The problem is that a CSV file isn't meant for this. A CSV is a flat file, with each row meant to represent ONE THING. But you're trying to use it to represent MULTIPLE THINGS. You can do some hacks to make it work, but it's always going to be more difficult because it's not what CSV was intended for.

    The "right" thing to do would be to have a SECOND CSV file, with each row listing a user name and ONE group to join them to.

    • #97041

      Lev Leiderman
      Participant

      Hi Don,
      what do you think,
      if i add more headers to the same CSV file like "group1" , "group 2" etc..

      it will do the job?

  • #97043

    Olaf Soyk
    Participant

    What's your problem? What does not work? As you can read in the help the cmdlet Add-ADPrincipalGroupMembership takes for the -MemberOf property Distinguished Name or GUID or Security Identifier or sAMAccountName of the groups. Is it that what you have in your CSV file?

    • #97046

      Lev Leiderman
      Participant

      it's ok, Don is answered my question

      Thanks 🙂

      and it's working now 🙂

  • #97049

    Olaf Soyk
    Participant

    Really? I had another impression.

    • #97053

      Lev Leiderman
      Participant

      Hi Olaf, yes it is:

      here is the code:

      cls
      #get the csv file
      $filepath = import-csv "C:\users.csv"
      
      #set the variable for the uers
      $newusers = $filepath
      
      #set Passwords for new users 
      
      $securepassword = ConvertTo-SecureString "123456" -AsPlainText -Force
      
      #start the loop for adding users
      
      foreach ($user in $newusers) {
      
      
      #get user information
      
      $firstname = $user.'First Name'.Trim()
      $lastname = $user.'Last Name'.Trim()
      $loginname= $user.SamAccountName
      $UsrPrincipalName = $user.UserPrincipalName
      $jobtitle = $user.'Job Title'
      $Department= $user.Department
      $Description = $user.Description
      $OuPath= $user.Path
      $LoginScript=$user.ScriptPath
      $displayname= $user.DisplayName
      $group1 = $user.Group1
      $group2 = $user.Group2
      $group3 = $user.Group3
      $group4 = $user.Group4
      
      
      
      
      
      #creat the users in active directory
      
      New-ADUser -Name "$firstname $lastname" -GivenName $firstname `
       `
       -Surname $lastname  -UserPrincipalName $UsrPrincipalName `
       `
       -SamAccountName $loginname -Path $OuPath -ScriptPath $LoginScript  `
       `
       -AccountPassword $securepassword -ChangePasswordAtLogon $false  `
       `
       -Department $Department -DisplayName $displayname `
       `
       -Description $Description -Title $jobtitle  -Enabled $true  
      
      
       Add-ADPrincipalGroupMembership -Identity $user.SamAccountName -MemberOf $user.group1
       Add-ADPrincipalGroupMembership -Identity $user.SamAccountName -MemberOf $user.group2
       Add-ADPrincipalGroupMembership -Identity $user.SamAccountName -MemberOf $user.group3
       Add-ADPrincipalGroupMembership -Identity $user.SamAccountName -MemberOf $user.group4
      
      
       
      Write-Host "`n"
      Write-Host "The account for $firstname $lastname created in $OuPath successfully"
      
      }
      

      Maybe i'm asking "stupid" questions or it's looks like i don't read stuff or something like that, but i can assure you that i do and lot's and lots of stuff, it's just it takes me a bit longer than other people to understand 🙂

      and with the right guidance from people like Don and other people who are helping me here, i'm understanding things 🙂

    • #97071

      Olaf Soyk
      Participant

      Hmm ... that's actually not what Don recommended. 😉 And I think it's actually not the problem with your original code. If you have a CSV file, every "cell" usually contains a single property. But if you put a "list" of properties into one "cell" you have to "split" them into single properties before using. So when you change your orignal command line from this

      Add-ADPrincipalGroupMembership -Identity $user.SamAccountName -MemberOf $user.Groups

      to this

      Add-ADPrincipalGroupMembership -Identity $user.SamAccountName -MemberOf ($user.Groups -split ',')

      it should actually work like intended.

    • #97104

      Lev Leiderman
      Participant

      Hi Olaf,
      Thanks alot for your information 🙂

      That's what i actually tried to achieve I wanted to use one cell with all the groups comma seporated and grab them, but i just didn't knew how to do that 🙂

      In the end as you can see, what I did is to add 4 more cells (each cell for a group) and run the "Add-ADPrincipalGroupMembership" CmdLet 4 times (as you can see) and it did the trick.

      i'm on power shell abit more then a month so i don't have so much experiance, altghout i read a lot and watch alot of youtube, MVA, CBT etc..

      so each time i'm learning something new 🙂

      my next goal is to make that script to send me an email with all the users that it created with the passwords 🙂

  • #97065

    Joel Sallow
    Participant

    Glad to hear you got it working!

    I'd like to point out here something that could easily cause you a few headaches in future if you keep doing it. Backticks.

    Line-continuations in PS aren't really hard to come by, but backticks are easily the worst method, simply because they are very easy to miss when later editing your code a few months down the line. You can spend hours tracking down the strays causing the issues — and I have, and it's not fun.

    So, instead, I would highly recommend you look into Get-Help about_Splatting, at least for function parameters:

    $UserParameters = @{
        Name                  = "$firstname $lastname"
        GivenName             = $firstname
        Surname               = $lastname
        UserPrincipalName     = $UsrPrincipalName
        SamAccountName        = $loginname
        Path                  = $OuPath
        ScriptPath            = $LoginScript
        AccountPassword       = $securepassword
        ChangePasswordAtLogon = $false
        Department            = $Department
        DisplayName           = $displayname
        Description           = $Description
        Title                 = $jobtitle
        Enabled               = $true
    }
    
    New-ADUser @UserParameters
    
    • #97109

      Lev Leiderman
      Participant

      Hi Joel,

      I'm familiar with the "@" parameter, just i wasn't so sure how to implement that so well, so i've tried the things that i know 🙂

      Good to know 🙂

      Quastion:
      I need to leave the Foreach statement as it is and just edit the code to use the @?

      one more quastion:

      in your code you didn't use "'" at all near the left column :

      $UserParameters = @{
          Name                  = "$firstname $lastname"
          GivenName             = $firstname
      }
      
      

      As I've seen on youtube in one of Don's instructions, when you use "splatting" you have to do it in that way:

      get-wmiobject -class win32_service -computername dc01 -filter "state='running'" -namespace root\cmv2
      
      $stuff=@{
              'class' = 'win32_service;
      'computername'  = 'dc01';
             'filter' = "state='running'"
          'namespace' = "root\cmv2"
             }
      
      
      get-wmiobject @stuff
      

      can you please explain what is the difference? or your way and my example are the same?

      I can use it in both ways?

      Thanks a lot for your help

You must be logged in to reply to this topic.