Powershell - Adding computers to a security group in Active Directory - powershell

How can I add multiple computer accounts from within a text file into a security group in Active Directory? I put this snippet of code together but it only works with user accounts.
Import-Module ActiveDirectory
Get-Content C:\Servers.txt | Foreach-Object {Add-ADGroupMember "WSUS Auto Download and Notify for Install" $_}

The command you are looking for is Add-ADPrincipalGroupMembership.
Get-Content c:\servers.txt | Add-ADPrincipalGroupMembership -memberof 'WSUS Auto Download and Notify for Install'
If you need to add the "$" at the end of the computer name, your command could use a scriptblock parameter (an anonymous function that can modify pipeline input).
Get-Content c:\servers.txt | Add-ADPrincipalGroupMembership -memberof 'WSUS Auto Download and Notify for Install' -identity {"$_$"}

I use -Identity $_.objectGUID
$_$ didn't work for me.
EDIT: Ah, sorry, that's because I use Get-ADComputer to pipe it, and not a text file.

I had a similar task; info found on this link worked for me.
Run it in PowerShell as admin
Import-Module ActiveDirectory
$List=Get-Content c:\computers.txt
$List | foreach {Add-ADGroupMember -id ADGroupName -MEMBERS (Get-ADComputer $_)}
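A fuller version of the Get-ADComputer approach from the answers above, as an added example that is not code from the original posts: it resolves the group once, resolves every name to a computer object before changing membership, skips existing members, and reports a status per line. The group name and C:\Servers.txt are taken from the question; the status labels are made up for this example.

```powershell
#Requires -Modules ActiveDirectory
# Added example. Group name and list path are the ones used in the question.
$GroupName = 'WSUS Auto Download and Notify for Install'
$ListPath  = 'C:\Servers.txt'

# Resolve the group first so a typo in its name stops the run before any change.
$group = Get-ADGroup -Identity $GroupName -ErrorAction Stop

# Index current direct members by DistinguishedName to skip duplicates.
$existing = @{}
Get-ADGroupMember -Identity $group |
    ForEach-Object { $existing[$_.DistinguishedName] = $true }

$results = foreach ($line in Get-Content -Path $ListPath) {
    # Accept names written with or without the trailing "$".
    $name = $line.Trim().TrimEnd('$')
    if (-not $name) { continue }
    try {
        # Get-ADComputer returns computer objects only, so a user account
        # that happens to share the name is never added by mistake.
        $computer = Get-ADComputer -Identity $name -ErrorAction Stop
        if ($existing.ContainsKey($computer.DistinguishedName)) {
            $status = 'AlreadyMember'
        } else {
            Add-ADGroupMember -Identity $group -Members $computer -ErrorAction Stop
            $existing[$computer.DistinguishedName] = $true
            $status = 'Added'
        }
    } catch {
        # Unknown names and permission errors are recorded, not fatal.
        $status = "Failed: $($_.Exception.Message)"
    }
    [pscustomobject]@{ Computer = $name; Status = $status }
}

$results | Format-Table -AutoSize
```

Adding -WhatIf to the Add-ADGroupMember call gives a dry run that shows which accounts would be added without changing the group.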

Related

Powershell Batch file

I am trying to create a batch file for my below powershell script. I want it to ask Group name first and then run the PS script.
Get-AdGroupMember -identity "GroupName" | select name | Export-csv -path C:\members.csv -NoTypeInformation
Any leads please?
If you want Ps to ask, then consider using read-host like mentioned by #vonPryz.
$groupname = read-host "Please enter the Group Name:" # this bit will save the input to a variable.
Get-AdGroupMember -identity $groupname | select name | Export-csv -path C:\members.csv -NoTypeInformation

How to get the get-ADPrincipalGroupMembership for all users in a txt or csv file and put into a txt file for each user?

I am trying to get a file with the group-memberships for every user that is specified in a txt/csv file.
so this is what i had before:
Get-ADPrincipalGroupMembership -Identity $user -Server $DC | Select name | Where-Object name -like GUSR_* | Out-File "C:\temp\$user.txt"
this works fine for getting the groups from 1 single user, but now i have to do this for 100+ users.
And instead of doing it one by one i am looking for a way to automate it.
so i got myself a .csv export of all the users i want this done for.
and started trying.
what i came up with so far:
$users = Get-Content "C:\temp\test.csv" |ForEach-Object {Get-ADPrincipalGroupMembership -Identity $users -Server $DC | Select name | Where-Object name -like GUSR_* | Out-File "\\ads.net\ADS\SDL\Temp\_ROLAND\RSD\test2\$users.txt"}
This clearly doesn't work.
I have tried a couple of other things with the foreach command but nothing did the trick.
I have the feeling i am not on the right path to get my result.
Maybe somebody has done this before and can help me get on the right path.
i'm not new to powershell but i'm far from an expert, most of the time i use it for basic single commands or edit some great scripts i find.
sadly for this i haven't found any yet.
with kind regards
Roland
Don't assign back to a variable
Import the CSV
No filter after select
Prettify your -like
Use $_ as pipeline variable
Use subexpression operator for string+variable concatenation
Import-Csv "C:\temp\test.csv" |ForEach-Object {Get-ADPrincipalGroupMembership -Identity $_.users -Server $_.DC | Where-Object {$_.name -like 'GUSR_*'} | Select -Expand Name | Out-String | Out-File "\\ads.net\ADS\SDL\Temp\_ROLAND\RSD\test2\$($_.users).txt"}
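The same per-user export written as a script, as an added example that is not code from the original answer: because each file name is built from a CSV cell, it rejects values that are not plain file names, and it records lookup failures instead of stopping. The `users` and `DC` column names come from the answer's one-liner; the output folder and status labels are assumptions.

```powershell
#Requires -Modules ActiveDirectory
# Added example. Column names "users" and "DC" follow the answer above.
$CsvPath = 'C:\temp\test.csv'        # path from the question
$OutDir  = 'C:\temp\memberships'     # assumed output folder
$Pattern = 'GUSR_*'

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$invalid = [IO.Path]::GetInvalidFileNameChars()

$summary = foreach ($row in Import-Csv -Path $CsvPath) {
    $user = "$($row.users)".Trim()
    if (-not $user) { continue }

    # The value becomes a file name: refuse path separators, drive colons
    # and dot segments so a CSV cell cannot redirect the output elsewhere.
    if ($user.IndexOfAny($invalid) -ge 0 -or $user -in '.', '..') {
        [pscustomobject]@{ User = $user; Groups = 0; Status = 'Skipped: unsafe file name' }
        continue
    }

    try {
        $groups = @(Get-ADPrincipalGroupMembership -Identity $user -Server $row.DC -ErrorAction Stop |
            Where-Object { $_.Name -like $Pattern } |
            Select-Object -ExpandProperty Name |
            Sort-Object)

        if ($groups.Count -gt 0) {
            Set-Content -Path (Join-Path $OutDir "$user.txt") -Value $groups -Encoding UTF8
            $status = 'OK'
        } else {
            $status = 'NoMatch'      # no file is written for users without GUSR_ groups
        }
        [pscustomobject]@{ User = $user; Groups = $groups.Count; Status = $status }
    } catch {
        # Unknown account or unreachable server: keep going with the next row.
        [pscustomobject]@{ User = $user; Groups = 0; Status = "Failed: $($_.Exception.Message)" }
    }
}

$summary | Format-Table -AutoSize
```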

Command to Unlock a locked domain user

I've been using these to list locked users in my domain and prompt me for input samaccountname to unlock the desired one:
I did it with 3 files.
first one is ps1 to list all of them
import-module activedirectory
search-adaccount -lockedout | select name, samaccountname, OU
second one is another ps1 file:
$user = Read-Host "Enter user account (SAMACCOUNTNAME) to unlock or press ENTER to refresh list"
Search-ADAccount -LockedOut | Where {$_.samaccountname -eq $user} | Unlock-ADAccount
and for executing above files, i use a .bat file:
:loop
powershell.exe -ExecutionPolicy Bypass -File c:\ps\lockedlist.ps1
powershell.exe -ExecutionPolicy Bypass -File c:\ps\unlock.ps1
cls
goto loop
and when I run it... it lists all locked users and I can copy and paste each samaccountname to unlock them
BUT the problem is, when I want to do it with ONE ps1 file it doesn't work. It just asks for samaccountname but it doesn't list it
import-module activedirectory
search-adaccount -lockedout | select name, samaccountname, OU
$user = Read-Host "Enter user account (SAMACCOUNTNAME) to unlock or press ENTER to refresh list"
Search-ADAccount -LockedOut | Where {$_.samaccountname -eq $user} | Unlock-ADAccount
i know .bat file will be pretty same...
thanks to anyone who reads and helps.
Powershell always tries to optimize the output it gives for you. So the order of the output might not be the same as you expect it from the commands you have in a script. If possible it will concatenate output to be more readable especially when it's the same type of objects. To break this you could use a format cmdlet like Format-Table for example.
Search-ADAccount -LockedOut |
Select-Object -Property Name, sAMAccountName, DistinguishedName |
Format-Table
$user = Read-Host -Prompt 'Enter user account (SAMACCOUNTNAME) to unlock or press ENTER to refresh list'
Search-ADAccount -LockedOut |
Where-Object -FilterScript {$_.samaccountname -eq $user} |
Unlock-ADAccount
At least, it worked in my environment.
And BTW: Since Powershell version 3 you don't need to explicitly import the modules anymore. They will be imported automatically. Better would be to use a #Requires statement like #Requires -Modules activedirectory on top of the script. That would even prevent the script from running if there's no active directory module installed
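The list-then-prompt flow as one script, as an added example that is not code from the original posts: the table is piped to Out-Host so it is written to the console before Read-Host prompts, and the typed name is matched against the list that was just shown before anything is unlocked. The "q" option to quit and the use of -Confirm are assumptions added here.

```powershell
#Requires -Modules ActiveDirectory
# Added example: replaces the .bat loop and the two .ps1 files with one script.
while ($true) {
    # Snapshot the locked-out user accounts once per pass.
    $locked = @(Search-ADAccount -LockedOut -UsersOnly)

    # Out-Host renders the table right away instead of leaving it queued
    # behind the Read-Host prompt.
    $locked |
        Select-Object -Property Name, SamAccountName, DistinguishedName |
        Format-Table -AutoSize |
        Out-Host

    $user = (Read-Host -Prompt 'Enter SAMACCOUNTNAME to unlock, ENTER to refresh, q to quit').Trim()
    if ($user -eq 'q') { break }
    if (-not $user)    { continue }

    # Only act on an account that appears exactly once in the list just shown,
    # so a typo cannot touch any other account.
    $match = @($locked | Where-Object { $_.SamAccountName -eq $user })
    if ($match.Count -ne 1) {
        Write-Warning "'$user' is not in the locked-out list above."
        continue
    }

    # -Confirm asks the operator to acknowledge each unlock.
    Unlock-ADAccount -Identity $match[0] -Confirm
}
```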

PowerShell: Get membership info for a computer account (not a user account)

Getting an ambiguous identity error. I can search successfully to return the group that a user account is a member of, but when I try to search for the groups that a computer account is a member of there is the ambiguous identity error. I tried to use a -type or -identity switch, but either I did not have the syntax correct or it was just not applicable.
Where my targeted computer account is called SNA00760856, I have been working on using...
Get-QADGroup -Containsindirectmember SNA00760856
Any massaging that I can do to the command to get the groups that the computer SNA00760856 is a member of? Dropping in a user account in place of the computer account works like a charm.
I have also tried to qualify the computer name with the domain info.
Ie SNA00760856.mydivision.mydomain.com or mydivision\SNA00760856
Also tried to collect the membership of the computer using which I know is wrong after a closer reading of the switch info....
Get-QADobject -IndirectMemberOf SNA00760856
Results in ambiguous identity as well.
You can get the group memberships of a computer in AD through the ActiveDirectory module with Get-ADPrincipalGroupMembership. You'll need to search via the computer's DistinguishedName, which can be achieved by leveraging Get-ADComputer:
Get-ADPrincipalGroupMembership (Get-ADComputer SNA00760856).DistinguishedName
That'll return all of the group objects SNA00760856 is a member of.
If you want to clean up the output, use this
Get-ADPrincipalGroupMembership (Get-ADComputer ComputerName) | select-object name
If you export to a list use
Get-AdPrincipalGroupMembership ( Get-ADComputer XXXXXXX ) | Out-File C:\XXX\XXX
I used something to pull down the AD Computer information and the Computer membership into one Text file.
This is using $Env:computerName to get the name of computer script is run on. If you want to select a different computer, change out the variable $HostName = to a computer name of your choice. Example $HostName = "Janes-Laptop01" .
The computer you run this script on must have the Active Directory module installed for this to work.
Import-module -Name ActiveDirectory
$HostName = $Env:computerName
$path = "c:\temp\Computer_AD_Membership_Info_$($HostName)_$(get-date -f yyyyMMdd-hhmm).txt"
Echo "`r`n ******* Computer OU Information. ******* `r`n" | Out-File -FilePath $path -Encoding utf8 -Force ;
Get-AdComputer -Identity $($HostName) -Properties * | Out-File -FilePath $path -Encoding utf8 -Append -Force ;
Echo "`r`n ******* AD Groups Computer Member of. ******* `r`n" | Out-File -FilePath $path -Encoding utf8 -Append -Force ;
Get-ADPrincipalGroupMembership (Get-ADComputer $($HostName)).DistinguishedName | Out-File -FilePath $path -Encoding utf8 -Append -Force ;

powershell combine lync and AD cmdlets

I'm trying to write a single command in PS which lets me get the AD account for all lync enabled users by samaccountname
I tried this:
get-csuser | where {$_.Enabled -eq $True -and $_.SipAddress -ne $null} | foreach-object {get-aduser -filter {samaccountname -eq $_.samaccountname}}
This however doesn't work
I know I can do this with a simple script, but the reason I need to do this on the command line is that I am using C# to invoke the above, and I don't want to create 2 powershell objects (for performance reason), so I would like to run the entire command in one powershell unit.
Any ideas how should I fix the above script?
Thanks in advance
Right, here I am answering my own question again (rather than deleting my post, in case it helps someone in the future).
It seems the property name is case-sensitive, so I need to replace:
$_.samaccountname
with
$_.SamAccountName
works like a charm after that
get-csuser | select samaccountname