New group from OU members

One topic that comes up fairly frequently is how to put all of the members of an OU into a group.

We combine

http://msmvps.com/blogs/richardsiddaway/archive/2012/02/24/list-users-in-an-ou.aspx

and

http://msmvps.com/blogs/richardsiddaway/archive/2012/02/26/adding-a-user-to-a-group.aspx

Import-Module ActiveDirectory   # provides Get-ADUser, Add-ADGroupMember and the AD: drive

$ou = "OU=BlogTests,DC=Manticore,DC=org"

"`nMicrosoft"
# Add each user found directly in the OU to the group, one at a time
Get-ADUser -ResultSetSize 3000 -SearchBase $ou -Filter * -SearchScope OneLevel |
foreach {
 Add-ADGroupMember -Identity GroupUnvlSecA -Members $($_.DistinguishedName)
}

"`nAD provider"
$groupdn = "CN=GroupUnvlSecB,OU=TestGroups,DC=Manticore,DC=org"
$members = @()

# Collect the distinguished names of the user objects in the OU
Get-ChildItem -Path AD:\$ou  |
where {$_.objectclass -eq "user"} |
foreach {
 $members += $($_.DistinguishedName)
}

# Write the collected names to the member attribute in one operation
Set-ItemProperty -Path ad:\$groupdn -Name member -Value $members

"`nQuest"
# Requires the Quest AD cmdlets snap-in to be loaded
Get-QADUser -SizeLimit 3000 -SearchRoot $ou -SearchScope OneLevel |
Add-QADGroupMember -Identity GroupUnvlSecC


"`nScript"
$groupdn = "CN=GroupUnvlSecD,OU=TestGroups,DC=Manticore,DC=org"
$group = [adsi]"LDAP://$groupdn"

# Search one level below the OU for user objects
$root = [ADSI]"LDAP://$ou"
$search = [adsisearcher]$root
$search.Filter = "(&(objectclass=user)(objectcategory=user))"
$search.SizeLimit = 3000
$search.SearchScope = "OneLevel"
$results = $search.FindAll()

# Add each user to the group and commit the change
foreach ($result in $results){
 $result.Properties |
 foreach {
  $group.Add("LDAP://$($_.distinguishedname)")
  $group.SetInfo()
 }
}


Discover all of the users in an OU using the techniques that we have seen before and then loop through them, adding the users to the group.



The AD provider approach will replace any existing members of the group; the others will just append the new members. In the case of the script an error will be thrown if the user is already a member.
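Both caveats above (the provider overwriting existing members, the script throwing on an existing member) go away if only the users the group lacks are added. The following is an added example, not code from the original post; it uses the Microsoft ActiveDirectory module, and the function names Get-MissingMember and Add-OUUsersToGroup and the sample names Alice, Bob and Svc are assumptions.

```powershell
# Hypothetical helper: return the OU user DNs that are not yet group members.
# -notcontains compares case-insensitively, which suits distinguished names.
function Get-MissingMember {
    param(
        [string[]]$OUUserDN = @(),
        [string[]]$CurrentMemberDN = @()
    )
    $OUUserDN | Where-Object { $CurrentMemberDN -notcontains $_ }
}

# Hypothetical wrapper: append only the missing users, leaving existing members alone.
function Add-OUUsersToGroup {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$SearchBase,
        [Parameter(Mandatory = $true)][string]$Group
    )
    Import-Module ActiveDirectory -ErrorAction Stop

    # Users directly in the OU, same scope and limit as the post's examples
    $ouUsers = @(Get-ADUser -SearchBase $SearchBase -SearchScope OneLevel -Filter * -ResultSetSize 3000 |
        ForEach-Object { $_.DistinguishedName })

    # Direct members as stored in the group's member attribute
    $current = @((Get-ADGroup -Identity $Group -Properties member).member)

    $toAdd = @(Get-MissingMember -OUUserDN $ouUsers -CurrentMemberDN $current)
    if ($toAdd.Count -eq 0) { return }

    # -WhatIf / -Confirm are honoured here before any change is made
    if ($PSCmdlet.ShouldProcess($Group, "Add $($toAdd.Count) member(s)")) {
        Add-ADGroupMember -Identity $Group -Members $toAdd
    }
    $toAdd   # emit what was (or would be) added, for logging or review
}

# Constructed sample DNs (not from a real directory) to exercise the helper offline.
# Alice is already a member and differs only by case; Svc is an existing member
# from outside the OU and is left untouched.
$ouDns = 'CN=Alice,OU=BlogTests,DC=Manticore,DC=org',
         'CN=Bob,OU=BlogTests,DC=Manticore,DC=org'
$memberDns = 'cn=alice,ou=BlogTests,dc=Manticore,dc=org',
             'CN=Svc,OU=TestGroups,DC=Manticore,DC=org'
Get-MissingMember -OUUserDN $ouDns -CurrentMemberDN $memberDns
```

Calling Add-OUUsersToGroup with -WhatIf first shows the target group and the number of users that would be added without changing membership.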
