Hi guys, at my work we frequently get new people coming and going, so we often have to set people up with permissions to our systems. What I’d like to do is come up with a PowerShell script that asks me to input a username and automatically adds a specified list of Active Directory groups listed within the script, so that at the time of running I only need to input a username.
If anyone has ideas on how I could do this I would be eternally grateful!!
$username = Read-Host "Enter Username:"
$groups = @(
'Group1'
'Group2'
'Group3'
)
$groups | Add-ADGroupMember -Members $username
That’s the basic idea.
mkarmil
import-module activedirectory
$fname = read-host -prompt "Enter First Name: "
$lname = read-host -prompt "Enter Last Name: "
$Fullname = "$fname $lname"
$securetext = read-host -prompt "Enter Password: " -assecurestring
$OU = read-host -prompt "Enter OU: "
$tpath = "OU=$OU,OU=Domain Users,DC=Domain,DC=local"
new-aduser -name $fullname -accountpassword $securetext -emailaddress "$fname.$lname@domain.com" -enabled $true
get-aduser $fullname| Move-ADObject -targetpath $tpath
This is mine currently. You can modify how you’d like it. Mine has a couple extra steps.
@MKarmil Your script seems to be more based on creating an account. I don’t need to do that really…just update the groups of an existing account.
@cduff it doesn’t seem to work…I changed the bits where it says ‘Group1’ to the names of the groups I want to add but it flashes up with some red text that disappears before I can read it and closes without adding the group :S
Open PowerShell and run the script, rather than just double-clicking it, and then post the error.
It worked for me.
What error are you getting?
You can add (Get-ADUser $username -Properties MemberOf | Select-Object MemberOf).MemberOf to verify that they were added.
$username = Read-Host "Enter Username:"
$groups = @(
'Group1'
'Group2'
'Group3'
)
$groups | Add-ADGroupMember -Members $username
Write-output "User is now member of the following groups:"
(Get-ADUser $username -Properties MemberOf | Select-Object MemberOf).MemberOf
@cduff & @Matthew5942
I’m out of the office now till Monday morning…I will try then and let you guys know, thanks for that so far though!
This is the error I get. Any ideas?
The term 'groups' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:26
+ foreach ($group in groups <<<< ){
    + CategoryInfo          : ObjectNotFound: (groups:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException
You didn’t put the dollar sign in front of groups. I can tell that from the error message.
Now, I don’t see anything that either of the Matthews, or myself posted that had a foreach() loop in there. If you made a modification and it didn’t work, it’d help if you posted the modification back, too.
The new script I tried there was
$username = Read-Host "Enter Username:"
$groups = @(
'RGG-Aqua Site Share Users'
'SGG-CIS Helpdesk'
'AGG-ENV0033_InternetExplorer'
)
foreach ($group in $groups){
Add-ADGroupMember -Members $username
}
foreach ($group in $groups){
Add-ADGroupMember -Identity $group -Members $username
}
You need to include the -Identity parameter.
Hey guys, I added “import-module ActiveDirectory” and it works perfectly! Thanks guys for your help!!
bobmccoy
Which means you’re probably running v2 of PowerShell. Unless you have a compelling reason not to, you really should upgrade to v4. v5 will be out very shortly.
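The pieces the thread converged on (loading the ActiveDirectory module, passing -Identity for each group, and checking MemberOf) can be combined into one script that fails early on a bad username and reports a result per group. This is an added example, not a script posted by anyone in the thread; the parameter names, the status values and the Group1..Group3 defaults are assumptions to replace with your own.

```powershell
# Added example, not a script from the thread. Group names are placeholders.
# -Username is mandatory, so PowerShell prompts for it when it is not supplied.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [Parameter(Mandatory = $true)]
    [string]$Username,

    [string[]]$Groups = @('Group1', 'Group2', 'Group3')
)

# Needed explicitly on PowerShell v2; harmless on later versions.
Import-Module ActiveDirectory -ErrorAction Stop

# Fail once on a mistyped username instead of erroring for every group.
try {
    $user = Get-ADUser -Identity $Username -Properties MemberOf -ErrorAction Stop
}
catch {
    Write-Error "User '$Username' not found: $($_.Exception.Message)"
    return
}

$results = foreach ($name in $Groups) {
    $status = 'Added'
    try {
        # Resolve the group first so a typo in the list is reported by name.
        $group = Get-ADGroup -Identity $name -ErrorAction Stop
        if ($user.MemberOf -contains $group.DistinguishedName) {
            $status = 'AlreadyMember'
        }
        elseif ($PSCmdlet.ShouldProcess($group.Name, "Add $($user.SamAccountName)")) {
            Add-ADGroupMember -Identity $group -Members $user -ErrorAction Stop
        }
        else {
            $status = 'Skipped'   # -WhatIf was given or the prompt was declined
        }
    }
    catch {
        $status = "Failed: $($_.Exception.Message)"
    }
    # New-Object is used instead of [pscustomobject] so this also runs on v2.
    New-Object PSObject -Property @{ User = $user.SamAccountName; Group = $name; Status = $status }
}

# One row per group: a record of what was actually changed for this account.
$results | Select-Object User, Group, Status
```

Running it with -WhatIf shows which groups would be changed without modifying any membership.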