1

Good Morning Everyone, I need some help.

I am learning powershell and still working on understanding it, but I have a lot of users that I need to update information for the user as well as add them to their specific groups. I would like to be able to use a .csv file to do all this with powershell. Currently I am doing it line by line.

here is what I have so far:

Set-Aduser Usernamehere -Description “000 - SomeJob”
Set-Aduser usernamehere -Office “Somewhere”
Set-Aduser usernamehere -title “SomeJob”
Set-Aduser usernamehere -Department “UM Shelter Program - 000000”
Set-Aduser usernamehere -Company “*********************”

This above code works nice and does what it is supposed to do. My issue is the next piece.

Get-ADUser -SearchBase ‘OU=New Hires,OU=*** Users,DC=***,DC=org’ -Filter * | % {Add-ADGroupMember -Identity 000Group -Members usernamehere}

When I run this line to put users into their groups, it does add them, but then I get an error saying they are already in that group. see next line.

Add-ADGroupMember : The specified account name is already a member of the group
At line:1 char:83

  • … -Filter * | % {Add-ADGroupMember -Identity 000Group -Members usernamehere}
  • CategoryInfo : NotSpecified: (000Group:ADGroup) [Add-ADGroupMember], ADException
  • FullyQualifiedErrorId : The specified account name is already a member of the group,Microso
    ft.ActiveDirectory.Management.Commands.AddADGroupMember

Now this error will come up several times before it will goto the next line for adding the user to another group.

Is my line incorrect for adding a user to a group? How can I get this to just run without the error running a few times before it moves to the next?

I have 300 users to update and running each line takes time, and want to be able to use a .csv to add all the information and Groups but I don’t know how. I could use some assistance while I am learning. So please be patient.

Thank you for any help you can provide.

G

3 Spice ups
2

I
If you already have the username why bother with the Get-ADUser part at all?

This should be enough:

Add-ADGroupMember -Identity 000Group -Members usernamehere
1 Spice up
3

You can update the properties in 1 go like this:

Set-Aduser Usernamehere -Description "000 - SomeJob" -Office "Somewhere" -title "SomeJob" -Department "UM Shelter Program - 000000" -Company "*********************"
Add-ADGroupMember -Identity 000Group -Members usernamehere

saves multiple calls to Set-ADUser.

Though using a technique called splatting makes it nicer to read:

$userParams = @{
    Identity = Usernamehere
    Description = "000 - SomeJob"
    Office = "Somewhere"
    title = "SomeJob"
    Department = "UM Shelter Program - 000000"
    Company = "*********************"
}
Set-Aduser @userParams
Add-ADGroupMember -Identity 000Group -Members usernamehere

note how it changes from $userParams when creating the hash table to @userParams for the splatting…

1 Spice up
4

Hello M Boyle,

Thank you for the help. I am still learning and when you look online there is to much confusion. I thought that using Get-ADuser was needed so you could set the information for the user.

I am starting to see what you have done, and this is very helpful indeed. You are AWESOME!!!

So the next part of my learning is being able to put all 300 users into a .csv file and then be able to import that and Set User information and also add the user to multiple groups that they belong to?

Does this make since?

G

5

Try in csv set header as groupname and username

Import-csv "c:\filename.csv" | foreach{add-adgroupmember "$_.groupname" -member $_.username }

##

without csv

```
Get-ADUser -SearchBase 'OU=New Hires,OU=*** Users,DC=***,DC=org' -Filter * | 
    Foreach-Object {Add-ADGroupMember -Identity "000Group" -Members $_}
```

To set info

$users=Import-csv c:\filename.csv
Foreach($user in $users)
{
$Params = @{
    Identity = $user.username
    Description = "$user.description"
    Office = "$user.office"
    title = "$user.title"
    Department = "$user.department"
    Company = "$user.company"
}
Set-Aduser @Params
}
1 Spice up
6

I am still learning

So am I :slight_smile:

I thought that using Get-ADuser was needed so you could set the information for the user.

The Get-ADUser technique would look something like:

Get-ADUser -SearchBase 'OU=New Hires,OU=*** Users,DC=***,DC=org' -Filter * | 
    Foreach-Object {Add-ADGroupMember -Identity 000Group -Members $_.samAccountName}

where you would be getting all the users in a particular OU and adding them all to a group. One of several ways to do this.

So the next part of my learning is being able to put all 300 users into a .csv file and then be able to import that and Set User information and also add the user to multiple groups that they belong to?

Does this make since?

Yes, it makes sense.

edit: use $_ in the pipelein.

7

Hello M Boyle,

So i worked with the splatting script provided. The add-groupmemeber works great, how ever with the $UserParams i am getting an error. Please see line below.

Script:

$userParams = @{
Identity = annaly.flores
Description = “000 - Case Manager”
Office = “location of office”
title = “Case Manager”
Department = “UM Shelter Program - 000000”
Company = “Company Name”
}
Set-Aduser @userParams

Error:

annaly.flores : The term ‘annaly.flores’ is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included,
verify that the path is correct and try again.
At line:2 char:16

  • Identity = annaly.flores
  • CategoryInfo : ObjectNotFound: (annaly.flores:String) , CommandNotFoundException
  • FullyQualifiedErrorId : CommandNotFoundException

Set-ADUser : Cannot validate argument on parameter ‘Identity’. The argument is null. Provide a valid value for the argument, and then try running the command again.
At line:9 char:12

  • Set-Aduser @userParams
  • CategoryInfo : InvalidData: (:slight_smile: [Set-ADUser], ParameterBindingValidationException
  • FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.SetADUser

Thoughts? Also i know that this user does exist and is located several OU’s in.

Thank you in advance.

G

8

Heh.

In a hash table the key values on the left of the = do not need quotes.

The values on the right of the = need to be quoted or be existing variables.

So it should look like this:

$userParams = @{
    Identity = 'annaly.flores'
    Description = "000 - Case Manager"
    Office = "location of office"
    title = "Case Manager"
    Department = "UM Shelter Program - 000000"
    Company = "Company Name"
}
Set-Aduser @userParams

When you are inserting code please use the Insert Code </> button. Makes it easier to read.

1 Spice up
9

JitenSH,

I used your code, and have the file setup as you suggested. After running it, i recieved errors. I dont think it is going to the proper OU as i have listed. it is only hitting the top level. Please see below.

my OU that i need to get to is further in. my original OU that i was getting to is OU=New Hires,OU=*** users,DC=***,DC=org? Thoughts?

add-adgroupmember : Cannot find an object with identity: ‘@{groupname=common;
username=****}.groupname’ under: 'DC=,DC=org’.
At line:1 char:61

  • Import-csv “C:\Users\gpts\Desktop\add_groups.csv” | foreach{add-adgroupmember "$ …
  • CategoryInfo : ObjectNotFound: (@{groupname=***…inez}.groupname:ADGroup) [Ad
    d-ADGroupMember], ADIdentityNotFoundException
  • FullyQualifiedErrorId : Cannot find an object with identity: ‘@{groupname=common; us
    ername=    }.groupname’ under: 'DC=*,DC=org’.,Microsoft.ActiveDirectory.M
    anagement.Commands.AddADGroupMember

your help is much appreciated as well, and really thank you a lot.

G

10

M Boyle,

Gotcha, makes perfect sense and dumb for not seeing it, lol

Thank you

So for it is helping. Now to get the .csv to work, and being able to get all that done.

I know that JitenSH is helping as well.

Is it possible to set user information and groups at the same time?

well off i go to get this done, lots to do and users are not going to wait, LOL

G

11

Is it possible to set user information and groups at the same time?

Nope. Different cmdlets so you have to process the changes separately.

If you process the users in a loop it should be pretty easy to do:

$users = Import-csv c:\filename.csv
Foreach($user in $users)
{
    # Set-ADUser ...
    # Add-ADGropupMember ...
}

The csv file need certain information to make this possible and the headers should make sense.

12

Remove the quotation run run as

Import-csv "c:\filename.csv" | foreach{add-adgroupmember $_.groupname -member $_.username }
1 Spice up
13

Good Morning, Help needed

well i am back to learning some more here.

I have been able to work through users one by one and now it is just mind numbing. Now i need to see if i can work on putting data in a spread sheet.

Do i have to have 2 spread sheets, 1 for users and SetAduser info, and 1 for adding Group memberships.

Can you have more than one group per user on a line? Is it possible to collapse all this into 1.csv?

I hope i am making sense here. Lost on this… till then back to doing it one by one

Thank you M Boyle and anyone that can help.

EX:

11.JPG

would the other .csv look like this?

22.JPG
22.JPG800×107 12.7 KB

I am not understanding this @M Boyle

$users = Import-csv c:\filename.csv
Foreach($user in $users)
{
    # Set-ADUser ...
    # Add-ADGropupMember ...
}

@psophos @jitensh

14

Can you have more than one group per user on a line? Is it possible to collapse all this into 1.csv?

I hope i am making sense here. Lost on this… till then back to doing it one by one

With a little bit of trickery, yes. Are you the only person who will be using this script?

Powershell can handle csv files easily. CSV files generally separate values using commas ‘,’ so we could have 1 extra field for groups if the data in that field was separated by say semi-colons ‘;’

Try this in a separate file so you understand things better:
users.csv:

"username","description","office","groups"
"AShowers","IT Manager","Denver","IT;senior management;IT managers"
WStorms,HR Manager,Chicago,HR;senior management;HR managers
"FFrosts","CEO", "Chicago","senior management;Finance"

users.ps1:

$users = Import-csv './users.csv'
foreach($user in $users)
{
	$user.username
	$user.description
	$user.office
	'Groups:'
	$user.groups.split(';')
	''
}
15

M Boyle,

Thank you. I did add information to the .csv as your example. It was able to import the file. and for each user it came out.

Wow this is amazing, i cant believe you have this much fun. Learning this is Awesome!!

However it came out on the screen for the input, instead of writing it to the users information in AD, did i miss something?

Wolfdancer

@psophos

16

M Boyle,

Here is what i get on the screen. small steps but having fun.

Username
Youth Care Worker
City
YO
Title
this is my company
Groups:
963common
Allowed RODC Password Replication Group
SWK World

17

What have you tried yet? you are just asking for more and more. This is not a script writing service, if you have a code, and you have tried and its not working we just help you figure out. If you are done with your 1 part of question create a new post and post what have you tried and where you are stuck.

Please read PLEASE READ BEFORE POSTING!

18

The script I gave was just to verify that the data was being read in properly from the csv file.

You’re almost there. It’s now a matter of putting the various parts together from the answers given above.

The script will look similar to this:

$users = Import-csv './users.csv'
foreach($user in $users)
{
    $userParams = @{
        Identity    = $user.username
        # ...
        WhatIf = $true
    }
    Set-Aduser @userParams

    $groups = $user.groups.split(';')
    Add-ADPrincipalGroupMembership -Identity $user.username -MemberOf $groups -WhatIf
}

Some code has been left for you to add yourself. Like most of the properties that will feed Set-ADUser/ That hash-table needs finishing.

I added in -WhatIf so that the code will not make changes. Delete them when you want to try it. Hopefully you are testing this somewhere first.

The last change was the use of the Add-ADPrincipalGroupMembership cmslet. That allows you to add a user into multiple groups in one go.

I have not tested this! Make sure you do.