Bulk Add AD Computers to AD Group

This topic contains 7 replies, has 4 voices, and was last updated by  Raymond Slieff 3 years, 2 months ago.

  • Author
    Posts
  • #16383

    Scott
    Participant

    Hi,

    I'm looking for the best way to bulk add a list (txt) of AD Computer Accounts to a specific AD Group, has anyone out there done this before ?

  • #16386

    Martin Nielsen
    Participant

    PowerShell 3+:

    $computers = Get-ADComputers * | Select -ExpandProperty SamAccountName
    Get-ADGroup testgroup | Add-ADGroupMember -Member $computers
    

    Add-ADGroupMember might actually be able to take ADComputer objects. I don't remember off the top of my head and I don't have a test environment at hand right now.

    PowerShell 2:

    $computers = @() # list of computer distinguishedName values
    
    $group = [ADSI]"LDAP://CN=TestGroup,OU=Groups,DC=example,DC=com"
    foreach($computerDn in $computers) {
        # The .Add() method outputs the number of objects in the list, so Out-Null to avoid unnecessary clutter
        $group.Properties["member"].Add($computerDn) | Out-Null 
    }
    $group.CommitChanges()
    
  • #16387

    Scott
    Participant

    Hi Martin,

    Thanks for coming back so quickly – is there a way of reading the computer names from a text file, i just have a list of computernames that are located in various OU's that i need to add to an AD Group for Software Distribution purposes.

    Good news though – i have PowerShell 3!

  • #16388

    Martin Nielsen
    Participant

    Sure

    $computers = Get-Content .\computers.txt
    

    Put one computer name per line. You may have to add $ to the end of the names though, as I can't recall if it requires SamAccountNames, or if simply using the name is enough. Again, no test environment.

  • #16391

    Peter Jurgens
    Participant

    Just want to clarify that AD cmdlets work in V2 as well... But good to see two different examples of accomplishing the same thing! That's what PowerShell is all about!

    • #16393

      Martin Nielsen
      Participant

      They do? Ah. My bad. Use the Cmdlets then, less chance to go wrong. ADSI can be a strange place at times.

  • #16397

    Scott
    Participant

    Thanks Guys, i'll put it to the test!

  • #16409

    Raymond Slieff
    Participant

    I believe you can also do something similar to this:

    Get-ADComputers -Filter {SamAccountName -like "*Notebook*"} | Add-ADPrincipleGroupMembership -MemberOf "NewGroupName

    It says Add-ADPrinipleGroupMembership should take pipline, but I want to say that I end up doing things through a foreach like this.

    Get-ADComputers -Filter {SamAccountName -like "*Notebook*"} | Foreach-Object { Add-ADPrincipleGroupMembership -Identity $_.SamAccountName -MemberOf "NewGroupName" }

    Again, there are so many ways to do the same thing, I guess I have something to do Monday by throwing some of those through a Measure-Command to see which one I should be using.

You must be logged in to reply to this topic.