Bulk Add AD Computers to AD Group

This topic contains 7 replies, has 4 voices, and was last updated by Profile photo of Raymond Slieff Raymond Slieff 2 years, 10 months ago.

  • Author
    Posts
  • #16383
    Profile photo of Scott
    Scott
    Participant

    Hi,

    I'm looking for the best way to bulk add a list (txt) of AD Computer Accounts to a specific AD Group, has anyone out there done this before ?

  • #16386
    Profile photo of Martin Nielsen
    Martin Nielsen
    Participant

    PowerShell 3+:

    $computers = Get-ADComputers * | Select -ExpandProperty SamAccountName
    Get-ADGroup testgroup | Add-ADGroupMember -Member $computers
    

    Add-ADGroupMember might actually be able to take ADComputer objects. I don't remember off the top of my head and I don't have a test environment at hand right now.

    PowerShell 2:

    $computers = @() # list of computer distinguishedName values
    
    $group = [ADSI]"LDAP://CN=TestGroup,OU=Groups,DC=example,DC=com"
    foreach($computerDn in $computers) {
        # The .Add() method outputs the number of objects in the list, so Out-Null to avoid unnecessary clutter
        $group.Properties["member"].Add($computerDn) | Out-Null 
    }
    $group.CommitChanges()
    
  • #16387
    Profile photo of Scott
    Scott
    Participant

    Hi Martin,

    Thanks for coming back so quickly – is there a way of reading the computer names from a text file, i just have a list of computernames that are located in various OU's that i need to add to an AD Group for Software Distribution purposes.

    Good news though – i have PowerShell 3!

  • #16388
    Profile photo of Martin Nielsen
    Martin Nielsen
    Participant

    Sure

    $computers = Get-Content .\computers.txt
    

    Put one computer name per line. You may have to add $ to the end of the names though, as I can't recall if it requires SamAccountNames, or if simply using the name is enough. Again, no test environment.

  • #16391
    Profile photo of Peter Jurgens
    Peter Jurgens
    Participant

    Just want to clarify that AD cmdlets work in V2 as well... But good to see two different examples of accomplishing the same thing! That's what PowerShell is all about!

    • #16393
      Profile photo of Martin Nielsen
      Martin Nielsen
      Participant

      They do? Ah. My bad. Use the Cmdlets then, less chance to go wrong. ADSI can be a strange place at times.

  • #16397
    Profile photo of Scott
    Scott
    Participant

    Thanks Guys, i'll put it to the test!

  • #16409
    Profile photo of Raymond Slieff
    Raymond Slieff
    Participant

    I believe you can also do something similar to this:

    Get-ADComputers -Filter {SamAccountName -like "*Notebook*"} | Add-ADPrincipleGroupMembership -MemberOf "NewGroupName

    It says Add-ADPrinipleGroupMembership should take pipline, but I want to say that I end up doing things through a foreach like this.

    Get-ADComputers -Filter {SamAccountName -like "*Notebook*"} | Foreach-Object { Add-ADPrincipleGroupMembership -Identity $_.SamAccountName -MemberOf "NewGroupName" }

    Again, there are so many ways to do the same thing, I guess I have something to do Monday by throwing some of those through a Measure-Command to see which one I should be using.

You must be logged in to reply to this topic.