Author Posts

March 25, 2018 at 2:28 pm

Hi guys,
maby i define the quastion in wrong way so, i'm sorry for that.

i have a script which is creating users from a CSV file, in that same CSV file i have a header which named "groups"
for each user i've written the groups that it need to be joined, using the "Add-ADPrincipalGroupMembership" which is supposed to be used for adding one user for multiple groups.

It working great when i use it for indevidual user that's mean for me that my syntax is correct, but i'm missing something and here is where i need your help

now here is my quastion:

1) Do i need to creat indevidual geader for each group in the CSV file? or there is a way to make the
"Add-ADPrincipalGroupMembership" CmdLet to read all the comma seporated groups? (if i think about that in the Power Shell way, i'll guess that i need to creat each header for each group?)

i'm adding my code and the CSV headers for better understanding:

Headers from the CSV file:
"First Name, Last Name, SamAccountName, UserPrincipalName, DisplayName, Job Title, Department, Description, Path, ScriptPath, Groups"

Groups under the appropriate
the groups written like that in each raw under the "Groups" header: "VPN,NY branch,HR,Terminal Server Users"

here is my code

cls
#get the csv file
$filepath = import-csv "C:\users.csv"

#set the variable for the uers
$newusers = $filepath

#set Passwords for new users 

$securepassword = ConvertTo-SecureString "blahblah" -AsPlainText -Force

#start the loop for adding users

foreach ($user in $newusers) {


#get user information

$firstname = $user.'First Name'.Trim()
$lastname = $user.'Last Name'.Trim()
$loginname= $user.SamAccountName
$UsrPrincipalName = $user.UserPrincipalName
$jobtitle = $user.'Job Title'
$Department= $user.Department
$Description = $user.Description
$OuPath= $user.Path
$LoginScript=$user.ScriptPath
$displayname= $user.DisplayName
$group = $user.Groups


#creat the users in active directory

New-ADUser -PassThru -Name "$firstname $lastname" -GivenName $firstname `
 `
 -Surname $lastname  -UserPrincipalName $UsrPrincipalName `
 `
 -SamAccountName $loginname -Path $OuPath -ScriptPath $LoginScript  `
 `
 -AccountPassword $securepassword -ChangePasswordAtLogon $false  `
 `
 -Department $Department -DisplayName $displayname `
 `
 -Description $Description -Title $jobtitle  -Enabled $true  


 Add-ADPrincipalGroupMembership -Identity $user.SamAccountName -MemberOf $user.Groups

 
Write-Host "`n"
Write-Host "The account for $firstname $lastname created in $OuPath successfully"

}

Thanks alot for your help

the CSV file:
in this link you have a picture of the csv sample
CSV file

March 25, 2018 at 2:35 pm

The problem is that a CSV file isn't meant for this. A CSV is a flat file, with each row meant to represent ONE THING. But you're trying to use it to represent MULTIPLE THINGS. You can do some hacks to make it work, but it's always going to be more difficult because it's not what CSV was intended for.

The "right" thing to do would be to have a SECOND CSV file, with each row listing a user name and ONE group to join them to.

March 25, 2018 at 2:38 pm

Hi Don,
what do you think,
if i add more headers to the same CSV file like "group1" , "group 2" etc..

it will do the job?

March 25, 2018 at 2:39 pm

What's your problem? What does not work? As you can read in the help the cmdlet Add-ADPrincipalGroupMembership takes for the -MemberOf property Distinguished Name or GUID or Security Identifier or sAMAccountName of the groups. Is it that what you have in your CSV file?

March 25, 2018 at 2:41 pm

it's ok, Don is answered my question

Thanks 🙂

and it's working now 🙂

March 25, 2018 at 2:46 pm

Really? I had another impression.

March 25, 2018 at 3:03 pm

Hi Olaf, yes it is:

here is the code:

cls
#get the csv file
$filepath = import-csv "C:\users.csv"

#set the variable for the uers
$newusers = $filepath

#set Passwords for new users 

$securepassword = ConvertTo-SecureString "123456" -AsPlainText -Force

#start the loop for adding users

foreach ($user in $newusers) {


#get user information

$firstname = $user.'First Name'.Trim()
$lastname = $user.'Last Name'.Trim()
$loginname= $user.SamAccountName
$UsrPrincipalName = $user.UserPrincipalName
$jobtitle = $user.'Job Title'
$Department= $user.Department
$Description = $user.Description
$OuPath= $user.Path
$LoginScript=$user.ScriptPath
$displayname= $user.DisplayName
$group1 = $user.Group1
$group2 = $user.Group2
$group3 = $user.Group3
$group4 = $user.Group4





#creat the users in active directory

New-ADUser -Name "$firstname $lastname" -GivenName $firstname `
 `
 -Surname $lastname  -UserPrincipalName $UsrPrincipalName `
 `
 -SamAccountName $loginname -Path $OuPath -ScriptPath $LoginScript  `
 `
 -AccountPassword $securepassword -ChangePasswordAtLogon $false  `
 `
 -Department $Department -DisplayName $displayname `
 `
 -Description $Description -Title $jobtitle  -Enabled $true  


 Add-ADPrincipalGroupMembership -Identity $user.SamAccountName -MemberOf $user.group1
 Add-ADPrincipalGroupMembership -Identity $user.SamAccountName -MemberOf $user.group2
 Add-ADPrincipalGroupMembership -Identity $user.SamAccountName -MemberOf $user.group3
 Add-ADPrincipalGroupMembership -Identity $user.SamAccountName -MemberOf $user.group4


 
Write-Host "`n"
Write-Host "The account for $firstname $lastname created in $OuPath successfully"

}

Maybe i'm asking "stupid" questions or it's looks like i don't read stuff or something like that, but i can assure you that i do and lot's and lots of stuff, it's just it takes me a bit longer than other people to understand 🙂

and with the right guidance from people like Don and other people who are helping me here, i'm understanding things 🙂

March 25, 2018 at 7:19 pm

Glad to hear you got it working!

I'd like to point out here something that could easily cause you a few headaches in future if you keep doing it. Backticks.

Line-continuations in PS aren't really hard to come by, but backticks are easily the worst method, simply because they are very easy to miss when later editing your code a few months down the line. You can spend hours tracking down the strays causing the issues — and I have, and it's not fun.

So, instead, I would highly recommend you look into Get-Help about_Splatting, at least for function parameters:

$UserParameters = @{
    Name                  = "$firstname $lastname"
    GivenName             = $firstname
    Surname               = $lastname
    UserPrincipalName     = $UsrPrincipalName
    SamAccountName        = $loginname
    Path                  = $OuPath
    ScriptPath            = $LoginScript
    AccountPassword       = $securepassword
    ChangePasswordAtLogon = $false
    Department            = $Department
    DisplayName           = $displayname
    Description           = $Description
    Title                 = $jobtitle
    Enabled               = $true
}

New-ADUser @UserParameters

March 25, 2018 at 8:52 pm

Hmm ... that's actually not what Don recommended. 😉 And I think it's actually not the problem with your original code. If you have a CSV file, every "cell" usually contains a single property. But if you put a "list" of properties into one "cell" you have to "split" them into single properties before using. So when you change your orignal command line from this

Add-ADPrincipalGroupMembership -Identity $user.SamAccountName -MemberOf $user.Groups

to this

Add-ADPrincipalGroupMembership -Identity $user.SamAccountName -MemberOf ($user.Groups -split ',')

it should actually work like intended.

March 26, 2018 at 5:32 am

Hi Olaf,
Thanks alot for your information 🙂

That's what i actually tried to achieve I wanted to use one cell with all the groups comma seporated and grab them, but i just didn't knew how to do that 🙂

In the end as you can see, what I did is to add 4 more cells (each cell for a group) and run the "Add-ADPrincipalGroupMembership" CmdLet 4 times (as you can see) and it did the trick.

i'm on power shell abit more then a month so i don't have so much experiance, altghout i read a lot and watch alot of youtube, MVA, CBT etc..

so each time i'm learning something new 🙂

my next goal is to make that script to send me an email with all the users that it created with the passwords 🙂

March 26, 2018 at 7:34 am

Hi Joel,

I'm familiar with the "@" parameter, just i wasn't so sure how to implement that so well, so i've tried the things that i know 🙂

Good to know 🙂

Quastion:
I need to leave the Foreach statement as it is and just edit the code to use the @?

one more quastion:

in your code you didn't use "'" at all near the left column :

$UserParameters = @{
    Name                  = "$firstname $lastname"
    GivenName             = $firstname
}

As I've seen on youtube in one of Don's instructions, when you use "splatting" you have to do it in that way:

get-wmiobject -class win32_service -computername dc01 -filter "state='running'" -namespace root\cmv2

$stuff=@{
        'class' = 'win32_service;
'computername'  = 'dc01';
       'filter' = "state='running'"
    'namespace' = "root\cmv2"
       }


get-wmiobject @stuff

can you please explain what is the difference? or your way and my example are the same?

I can use it in both ways?

Thanks a lot for your help