PowerShell script to add users to Group from csv file based on decision control
Hello Guys ,
This is my first article of my life . I have no idea how to write a good article , but I am trying a describe in detail as possible as I can,
I found a question on Exchange server forum to import users from csv file and add to group based on decision control, which inspired me to write a article about it.
Today I am going to create a script and then finally a function which can be used to import list of existing users and add to particular AD group based on decision control.
**Goal of this script /function
**
- Read a CSV file which should contains list of users
- Check to see if user is in security group (If it's not, add to group and if it is, then leave as is and continue with next users)
Creating script:
At first we have to create .csv file which should contains a list of existing user. For this I have created a users.csv file which contains the desired list of user’s entry as below:
Identity
User1
User2
User3
…….
Here, in identity column we have entered ‘SamAccountName’ of users. We can list ‘SamAccountName’ of user easily by using below cmdlet
Get-AdUser -Filter * |ft samaccountname
Now ,we have users.csv file and I save it in C: drive for simplicity.
Next Step would be to create the script :-
Here my scenario is to add some users to a group.
So my script contains below code:
foreach ( $user in (Import-Csv .\users.csv | select -ExpandProperty identity))
{
$u = (Get-ADUser -Identity $user).distinguishedName
$g = Get-ADGroupMember -Identity “TestGroup”| select -ExpandProperty distinguishedname
If ($g -contains $u ) {
** Write-Host " $user already exists in this group"**
}
Else {
** Add-ADGroupMember $group -Members $u**
** Write-host " $user added to group successfully”**
** } }**
I have saved above PowerShell script as “GroupAdd.ps1” name in C: drive.
Now, let’s check if it is working as expected:
First I am checking the members of “TestGroup”
Now , I want to add some more users to TestGroup based on decision control .
This script does our work but it has one problem, we need to change group name in script every time when we have to add users to different group other than Group which is in script’s code.
So, to overcome from this problem I thought why not create custom function which can be called with desired group name as a parameter.
Creating Function:
So I have create a function named “ GroupAdd” with some modification in existing script. My custom function contains following code:
Function groupadd
** {**
param ($group)
foreach ( $user in (Import-Csv .\users.csv | select -ExpandProperty identity))
{
$u = (Get-ADUser -Identity $user).distinguishedName
$g = Get-ADGroupMember -Identity $group| select -ExpandProperty distinguishedname
If ( $g -contains $u ) {
** Write-Host " $user already exists in $group group"**
}
Else {
** Add-ADGroupMember $group -Members $u**
** Write-host " $user added to $group group successfully” **
} }
}
What's needed to use this function?
- A .csv file which contains list of users “samaccountname”
- PowerShell profile.
For easy to use this function, we save this function in my PowerShell profile.
To create the powershell profile we have use the following cmdlet:
New-Item -ItemType file -Path $PROFILE -Force
** **Above cmdlet will create a profile in $profile path.
To open and edit profile we have used below cmdlet:
Notepad $profile
We have to copy custom function’s code and paste in this profile, then finally save it.
Now, it’s time to test custom function, I want to some more users to TestGroup so let’s start
We include some more users in “users.csv” file and want to add these users to “TestGroup “by using “GroupAdd” function.
We can see above screenshot , I have called “ GroupAdd” function with ‘testgroup’ group name as parameter for the function , and this function have added “user11” and “ user12” successfully.
Let’s check to add user to different group other than “TestGroup”:
Here , I am trying to add some users to predefined system created “Remote Desktop users” group.
And function “GroupAdd” does his work perfectly.
Conclusion:
We can add users to any AD group based on decision control by just using two words of cmdlet.
That's it from my side.
Please feel free to give any feedback for this article.