
New group from OU members

One topic that comes up fairly frequently is how to put all of the members of an OU into a group.

We combine


Import-Module ActiveDirectory   # provides the Microsoft cmdlets and the AD: drive
$ou = "OU=BlogTests,DC=Manticore,DC=org"

# Microsoft AD cmdlets: one Add-ADGroupMember call per user
Get-ADUser -ResultSetSize 3000 -SearchBase $ou -Filter * -SearchScope OneLevel |
foreach {
 Add-ADGroupMember -Identity GroupUnvlSecA -Members $($_.DistinguishedName)
}

"`nAD provider"
$groupdn = "CN=GroupUnvlSecB,OU=TestGroups,DC=Manticore,DC=org"
$members = @()
Get-ChildItem -Path AD:\$ou |
where {$_.objectclass -eq "user"} |
foreach {
 $members += $($_.DistinguishedName)
}
# Writes the whole member attribute in a single call
Set-ItemProperty -Path ad:\$groupdn -Name member -Value $members

# Quest cmdlets (the Quest AD snap-in must be loaded)
Get-QADUser -SizeLimit 3000 -SearchRoot $ou -SearchScope OneLevel |
Add-QADGroupMember -Identity GroupUnvlSecC

# Script (ADSI)
$groupdn = "CN=GroupUnvlSecD,OU=TestGroups,DC=Manticore,DC=org"
$group = [adsi]"LDAP://$groupdn"
$root = [ADSI]"LDAP://$ou"
$search = [adsisearcher]$root
$search.Filter = "(&(objectclass=user)(objectcategory=user))"
$search.SizeLimit = 3000
$search.SearchScope = "OneLevel"
$results = $search.FindAll()
foreach ($result in $results){
 $result.Properties |
 foreach {
  # The loop body is cut off on the page; adding each user through
  # the group's Add() method is an assumption
  $group.Add("LDAP://$($_.distinguishedname)")
 }
}

Discover all of the users in an OU using the techniques that we have seen before, and then loop through them, adding the users to the group.

The provider approach will replace any existing members of the group; the others will just append the new members. In the case of the script, an error will be thrown if the user is already a member.
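
An added example, not code from the original post: one way to avoid both the overwrite and the duplicate-member error with the Microsoft AD cmdlets is to read the group's current member list, add only the OU users that are missing, and support -WhatIf so the change can be reviewed first. The function name Add-OUUserToGroup and the report fields are hypothetical; the OU and group DNs are the post's test values.

```powershell
#Requires -Modules ActiveDirectory
# Added example. Add-OUUserToGroup and its report fields are hypothetical names.
function Add-OUUserToGroup {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$SearchBase,  # OU to read users from
        [Parameter(Mandatory)][string]$GroupDN,     # group to append to
        [int]$ResultSetSize = 3000                  # same cap the post uses
    )

    # Users directly in the OU, as in the post (-SearchScope OneLevel)
    $ouUsers = @(Get-ADUser -SearchBase $SearchBase -SearchScope OneLevel -Filter * -ResultSetSize $ResultSetSize |
        Select-Object -ExpandProperty DistinguishedName)

    # Current membership, read once; existing members are never rewritten
    $current = @((Get-ADGroup -Identity $GroupDN -Properties member).member)

    # -notcontains compares strings case-insensitively, which suits DNs
    $toAdd = @($ouUsers | Where-Object { $current -notcontains $_ })

    # ShouldProcess returns $false under -WhatIf, so nothing is written then
    $added = @()
    if ($toAdd.Count -gt 0 -and $PSCmdlet.ShouldProcess($GroupDN, "Add $($toAdd.Count) user(s)")) {
        Add-ADGroupMember -Identity $GroupDN -Members $toAdd -ErrorAction Stop
        $added = $toAdd
    }

    # Report what was found and what was changed, for review or logging
    [pscustomobject]@{
        Group          = $GroupDN
        UsersInOU      = $ouUsers.Count
        AlreadyMembers = $ouUsers.Count - $toAdd.Count
        Missing        = $toAdd
        Added          = $added
    }
}

# Dry run first, then the real change
$ou      = "OU=BlogTests,DC=Manticore,DC=org"
$groupdn = "CN=GroupUnvlSecB,OU=TestGroups,DC=Manticore,DC=org"
Add-OUUserToGroup -SearchBase $ou -GroupDN $groupdn -WhatIf
Add-OUUserToGroup -SearchBase $ou -GroupDN $groupdn
```

Running it a second time reports every OU user under AlreadyMembers and makes no change to the group.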
