Powershell Tip – Add computers to Group using ADD-ADGroupMember cmdlet


 

Hello World,

Today's post will also be a short one!

Recently, I’ve been asked to help in writing a PowerShell script.  The user was encountering a small issue in the script.  One portion of the script consisted of adding computer accounts into Active Directory groups.  The user was simply using the Add-ADGroupMember cmdlet but got errors each time he had to deal with computer accounts.

This post will simply explain how to add computer accounts into groups using the Add-ADGroupMember cmdlet.

Reproduce the error

The user was trying to add a bunch of computer accounts into an AD group and failed miserably.  The user was using the following code (simplified for the demonstration):

Import-Module ActiveDirectory

## COMMENT LINE EXPLAINING HOW TO USE Add-ADGroupMember

## Add-ADGroupMember -id <Name of the Group> -Members <Name of the computer>

Add-ADGroupMember -id Demo -Members Computer1

 

This cmdlet threw an error stating that the object Computer1 could not be found in the domain.


Multiple ways to Resolve this issue

Option 1 – Use the “real” SamAccountName of the computer

As a matter of fact, the script/cmdlet is right.  The object Computer1 is not known in Active Directory, but the object COMPUTER1$ is!  Indeed, in the Microsoft world, the sAMAccountName of a computer object always ends with $.  If we change the code and replace the value of the computer account with the correct sAMAccountName, we get something like this:

Import-Module ActiveDirectory

## COMMENT LINE EXPLAINING HOW TO USE Add-ADGroupMember

## Add-ADGroupMember -id <Name of the Group> -Members <SamAccountName$>

Add-ADGroupMember -id Demo -Members Computer1$

The operation now completes successfully and the computer account is added to the group.

Option 2 – Pass the DN Value to the Add-ADGroupmember cmdlet

Instead of using the display name of the computer account, you could use the DN (distinguished name) of the computer.  Your command would look like this:

Add-ADGroupMember -id Demo -Members "CN=Computer1,OU=MyTest,DC=DEMO,DC=LAB"

This command is OK if you have only a few computers to add (and if you didn’t know about the sAMAccountName trick).  However, if you have a lot of computers to add and they are located anywhere in your Active Directory, this can become challenging.  This is not a good way to use the command line.

The solution here is to pass the information (about the DN) to the Add-ADGroupMember cmdlet.  This can be really handy.  You will be able to use the display name of the computer account and still be able to add it to the group with no problem.  To perform this magic trick, simply type the following command:

Add-ADGroupMember -id Demo -Members (Get-ADComputer Computer1)

And voilà.  You are able to add computer accounts into groups using the display name.

This can be really handy when you have to insert multiple computer accounts into one (or more) groups and you have received an input file which contains… guess what… display names.

By combining the previous cmdlet with other ones, you will be able to easily perform your job.  As an example, here is some sample code for you to use.  It would be something like this:

#Get the content of the file and store it in a variable called $List

$List=Get-Content c:\inputFile.txt

#Foreach element in the $list, execute the code To add computers into the group

$List | foreach {Add-ADGroupMember -id DEMO -MEMBERS (Get-ADComputer $_) }

Note: You could create a more complex script where the input file would be a CSV file containing the name of each computer and the name of the group it should be added to.  The principle would remain the same.
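
The CSV variant mentioned in the note above, written here as an added example that is not code from the original post. The column names ComputerName and GroupName and the sample rows are assumptions; it needs the ActiveDirectory module and rights to modify the target groups.

```powershell
# Added example: CSV-driven bulk add with a per-row result record.
Import-Module ActiveDirectory

# Constructed sample input. In practice, use Import-Csv on a file with the same
# two columns (ComputerName and GroupName are assumed column names).
$rows = @'
ComputerName,GroupName
Computer1,Demo
Computer2,Demo
'@ | ConvertFrom-Csv

$results = foreach ($row in $rows) {
    $status = 'Added'
    try {
        # Resolve both objects first so a typo fails on this row only,
        # instead of stopping the whole run.
        $computer = Get-ADComputer -Identity $row.ComputerName -Properties MemberOf -ErrorAction Stop
        $group    = Get-ADGroup -Identity $row.GroupName -ErrorAction Stop

        # Skip computers that are already direct members of the group.
        if ($computer.MemberOf -contains $group.DistinguishedName) {
            $status = 'AlreadyMember'
        }
        else {
            # Append -WhatIf to this line for a dry run before changing membership.
            Add-ADGroupMember -Identity $group -Members $computer -ErrorAction Stop
        }
    }
    catch {
        $status = "Failed: $($_.Exception.Message)"
    }

    # One record per input row, so the run leaves a reviewable trail.
    [pscustomobject]@{
        Computer = $row.ComputerName
        Group    = $row.GroupName
        Status   = $status
    }
}

$results | Format-Table -AutoSize
```

Piping `$results` to `Export-Csv` instead of `Format-Table` keeps a record of which membership changes were made and which rows failed.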

Final Notes

As I said, this was a short and easy post!  With this little trick, you can ease your work and look professional while performing bulk operations.  The user I helped was really impressed by this small trick.

I hope you enjoyed this post

Till Next Time

See ya

 

 

 

 

 

 

4 thoughts on “Powershell Tip – Add computers to Group using ADD-ADGroupMember cmdlet”

  1. Thanks for the tip!
    I tested a bit and you can also do it like this:
    $computers = Get-Content C:\Temp\dator.txt
    Add-ADGroupMember "Test1" ($computers)

  2. Hey Friend,

    Cool tips… I was able to write a script which helped our organization to ease an activity. Thanks a lot 🙂
