Author Posts

June 19, 2014 at 11:08 pm

Hi,

I'm looking for the best way to bulk add a list (txt) of AD Computer Accounts to a specific AD Group, has anyone out there done this before ?

June 19, 2014 at 11:47 pm

PowerShell 3+:

$computers = Get-ADComputers * | Select -ExpandProperty SamAccountName
Get-ADGroup testgroup | Add-ADGroupMember -Member $computers

Add-ADGroupMember might actually be able to take ADComputer objects. I don't remember off the top of my head and I don't have a test environment at hand right now.

PowerShell 2:

$computers = @() # list of computer distinguishedName values

$group = [ADSI]"LDAP://CN=TestGroup,OU=Groups,DC=example,DC=com"
foreach($computerDn in $computers) {
    # The .Add() method outputs the number of objects in the list, so Out-Null to avoid unnecessary clutter
    $group.Properties["member"].Add($computerDn) | Out-Null 
}
$group.CommitChanges()

June 19, 2014 at 11:53 pm

Hi Martin,

Thanks for coming back so quickly – is there a way of reading the computer names from a text file, i just have a list of computernames that are located in various OU's that i need to add to an AD Group for Software Distribution purposes.

Good news though – i have PowerShell 3!

June 19, 2014 at 11:58 pm

Sure

$computers = Get-Content .\computers.txt

Put one computer name per line. You may have to add $ to the end of the names though, as I can't recall if it requires SamAccountNames, or if simply using the name is enough. Again, no test environment.

June 20, 2014 at 12:18 am

Just want to clarify that AD cmdlets work in V2 as well... But good to see two different examples of accomplishing the same thing! That's what PowerShell is all about!

June 20, 2014 at 12:33 am

They do? Ah. My bad. Use the Cmdlets then, less chance to go wrong. ADSI can be a strange place at times.

June 20, 2014 at 1:26 am

Thanks Guys, i'll put it to the test!

June 20, 2014 at 2:37 pm

I believe you can also do something similar to this:

Get-ADComputers -Filter {SamAccountName -like "*Notebook*"} | Add-ADPrincipleGroupMembership -MemberOf "NewGroupName

It says Add-ADPrinipleGroupMembership should take pipline, but I want to say that I end up doing things through a foreach like this.

Get-ADComputers -Filter {SamAccountName -like "*Notebook*"} | Foreach-Object { Add-ADPrincipleGroupMembership -Identity $_.SamAccountName -MemberOf "NewGroupName" }

Again, there are so many ways to do the same thing, I guess I have something to do Monday by throwing some of those through a Measure-Command to see which one I should be using.