Hello World,
Today's post will also be a short one!
Recently, I was asked to help with a PowerShell script. The user was encountering a small issue in the script. One portion of the script added computer accounts to Active Directory groups. The user was simply using the Add-ADGroupMember cmdlet but got errors each time he had to deal with computer accounts.
This post explains how to add computer accounts to groups using the Add-ADGroupMember cmdlet.
Reproduce the error
The user was trying to add a bunch of computer accounts to an AD group and failed miserably. The user was using the following code (simplified for the demonstration):
Import-Module ActiveDirectory
## COMMENT LINE EXPLAINING HOW TO USE Add-ADGroupMember
## Add-ADGroupMember -Identity <Name of the Group> -Members <Name of the computer>
Add-ADGroupMember -Identity Demo -Members Computer1
This cmdlet was throwing an error stating that the object computer1 could not be found in the Domain. (see screenshot below)
Multiple ways to Resolve this issue
Option 1 – Use the “real” SamAccountName of the computer
As a matter of fact, the script/cmdlet is right. The object computer1 is not known in Active Directory, but the object COMPUTER1$ is! Indeed, in the Microsoft world, the sAMAccountName of a computer object always ends with $. If we change the code and replace the value of the computer account with the correct sAMAccountName, we get something like:
Import-Module ActiveDirectory
## COMMENT LINE EXPLAINING HOW TO USE Add-ADGroupMember
## Add-ADGroupMember -Identity <Name of the Group> -Members <SamAccountName$>
Add-ADGroupMember -Identity Demo -Members 'Computer1$'
As you can see in the screenshot below, the operation completed successfully and you have added your computer account into the Group.
Option 2 – Pass the DN Value to the Add-ADGroupmember cmdlet
Instead of using the display name of the computer account, you could use the DN (distinguished name) of the computer. Your command would look like:
Add-ADGroupMember -Identity Demo -Members "CN=Computer1,OU=MyTest,DC=DEMO,DC=LAB"
This command is OK if you have only a few computers to add (and if you didn't know about the sAMAccountName trick). However, if you have a lot of computers to add and they are located anywhere in your Active Directory, this can become challenging. This is not a good way to use the command line.
The solution here is to pass the information (about the DN) to the Add-ADGroupMember cmdlet. This can be really handy. You will be able to use the display name of the computer account and still add it to the group with no problem. To perform this magic trick, you simply type the following command:
Add-ADGroupMember -Identity Demo -Members (Get-ADComputer Computer1)
And voila. You are able to add computer accounts to groups using the display name.
This can be really handy when you have to insert multiple computer accounts into one (or more) groups and you have received an input file which contains... guess what... display names.
By combining the previous cmdlet with other ones, you will be able to perform your job easily. As an example, here is some sample code for you to use. It would be something like this:
# Get the content of the file and store it in a variable called $List
$List = Get-Content C:\inputFile.txt
# For each element in $List, execute the code to add the computer to the group
$List | ForEach-Object { Add-ADGroupMember -Identity DEMO -Members (Get-ADComputer $_) }
Note: You could create a more complex script where the input file is a CSV file containing the name of each computer and the name of the group it should be added to. The principle would remain the same.
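The CSV variant mentioned in the note above, as an added example that is not part of the original post. The column names ComputerName and GroupName, the function name Add-ComputersToGroups and the sample rows are assumptions; it needs the RSAT ActiveDirectory module and a reachable domain.

```powershell
# Added example: bulk-add computer accounts to groups from a CSV.
Import-Module ActiveDirectory

# Constructed sample input; in practice use: $rows = Import-Csv -Path <your file>
$rows = @'
ComputerName,GroupName
Computer1,Demo
Computer2,Demo
Computer3,Demo2
'@ | ConvertFrom-Csv

function Add-ComputersToGroups {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)] [object[]] $Rows)

    foreach ($batch in ($Rows | Group-Object -Property GroupName)) {
        # Resolve the group first so a typo in the CSV fails before any change.
        try   { $group = Get-ADGroup -Identity $batch.Name -ErrorAction Stop }
        catch { Write-Warning "Group '$($batch.Name)' not found, skipping"; continue }

        $members = foreach ($row in $batch.Group) {
            # Strip any trailing $ and add exactly one, so 'Computer1' and
            # 'Computer1$' both resolve to the same sAMAccountName.
            $sam = $row.ComputerName.Trim().TrimEnd('$') + '$'
            # Get-ADComputer only looks at computer objects, so a row that
            # names a user or a group is skipped instead of being added.
            try   { Get-ADComputer -Identity $sam -ErrorAction Stop }
            catch { Write-Warning "Computer '$sam' not found, skipping" }
        }

        $action = "Add $(@($members).Count) computer account(s)"
        if ($members -and $PSCmdlet.ShouldProcess($group.DistinguishedName, $action)) {
            Add-ADGroupMember -Identity $group -Members $members
            # Emit one record per group as a simple change log.
            [pscustomobject]@{ Group = $group.Name; Added = @($members).Name -join ', ' }
        }
    }
}

# Dry run first; remove -WhatIf to apply the changes.
Add-ComputersToGroups -Rows $rows -WhatIf
```

Running with -WhatIf first shows which groups would change before any membership is written, which is worth doing when the input file comes from someone else.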
Final Notes
As I said, this was a short and easy post! With this little trick, you can ease your work and look professional while performing bulk operations. The user I helped was really impressed by this small trick.
I hope you enjoyed this post
Till Next Time
See ya
Thanks for the tip!
I tested a bit and you can also do it like this:
$computers = Get-Content C:\Temp\dator.txt
Add-ADGroupMember "Test1" ($computers)
Hello Tony,
Thanks for the tip and for your visit... Till next time
See ya
Hey Friend,
Cool tips... I was able to write a script which helped our organization to ease an activity. Thanks a lot 🙂
Hello there,
Thank you for the feedback and the visit. We are happy that this tip can be useful.
Till next time
See ya
Thanks! Big help!
@Stephen,
Thanks for visiting our blog and providing us good feedback. Happy to see that this can be helpful.
Till next time
See ya