Put domain computer(s) into Security Group

This topic contains 1 reply, has 2 voices, and was last updated by Profile photo of Don Jones Don Jones 2 years, 2 months ago.

  • Author
    Posts
  • #18559
    Profile photo of Frank Gray
    Frank Gray
    Participant

    I'm fairly new to PowerShell so I'm trying to do more admin functions in PS than the GUI. When I'm pushing out a new application with Group Policy, I create a Security Group for the computers to get the program.

    I've been struggling with something as simple as placing a computer into a security group with PS.

    Sure, eventually, I'd like to have a script that dumps a bunch of computers into the group, but I'm trying to do a single one to start to see it work and I'm failing at a pretty simple task.

    I've tried using add-adgroupmember -identity -members . I'm using the computer's DNS name.

    I even tried simply typing add-adgroupmember .

    I'm prompted for Identity and it takes the group name, now prompting me for members (0), I paste in the DNS computer name and enter. The prompt goes to members(1). I hit enter and it tells me it can't find the computer name.

    After spending a good deal of time on this, it's time to ask for some advice.

    Thanks!

  • #18561
    Profile photo of Don Jones
    Don Jones
    Keymaster

    Good for you!

    So the [1] prompt you're seeing is because the parameter can accept multiple values; hitting Enter on a blank line is the correct way to make it proceed. So now we just need to get it a legit value.

    Specifying a DN might be a better way to identify the computer, if you can. You can also provide a GUID, SID, or SAM account name. A fully-qualified DNS name won't work; just a plain computer name should, provided it's the computer's samAccountName in Active Directory. It's important that there not be a same-named User account in the domain, because if there is, it'll grab that instead.

    But notice in http://blogs.technet.com/b/heyscriptingguy/archive/2013/12/25/powertip-add-computer-to-security-group-with-powershell.aspx that the computer's samAccountName is suffixed with a $. You might try adding that.

You must be logged in to reply to this topic.