0

I am trying to add my users to AD groups through PowerShell AD. Here is my current code:

Import-Module ActiveDirectory                  #Import the active directory module
Import-CSV C:\Userlist.csv | ForEach {         #Import the csv file and start the for   each statement.

$groups =@{
grouparray = $_.group.split(',')
};
$user = @{                                 #Create the user variable and set the   values within
name=$_.name                       #Call the name field from the csv file
givenname=$_.givenname                 #Callthe givenname field from the csv  file.
surname=$_.surname                 #call the surname field from the csv file
samaccountname=$_.samaccountname           #Call the samaccountname field from the csv file
department=$_.department               #call the department field from the csv file.
accountpassword=(ConvertTo-SecureString "P@ssw0rd" -AsPlainText -Force)  #set the password
homedirectory=$_.homedirectory             #Call the homedirectory field
emailaddress=$_.emailaddress            #call the email address field
mobilephone=$_.mobilephone          #call the mobile phone field
Path="Ou=People,dc=G3Zone,dc=local"  #Path to the OU    "People"    
Enabled=$True                           #enable the account
};#@   

   New-ADUser @user                     #Create the new user with the        information gathered fromthe csv.
   add-ADGroupMember -Identity  @groups –member $_.samaccountname
  } #endforeach

This is my csv file:

name,givenname,surname,samaccountname,department,group,accountpassword,homedirectory,mobilephone,emailaddress
"Todd Fast",Todd,Fast,Tfast,President,ManagerGroup,P@ssword1,\\Group3\homedirs\Tfast,111-1111,[email protected]
"Joe Doe",Joe,Doe,Jdoe,Accounting VP,"ManagerGroup,AccountingGroup",P@ssword1,\\Group3\homedirs\Jdoe,111-1112,[email protected]
"Elaine Irving",Elaine,Irving,Eirving,HR VP,"ManagerGroup,HRGroup",P@ssword1,\\Group3\homedirs\Eirving,111-1113,[email protected]
"Jane Malzur",Jane,Malzur,Jmalzur,Executive Assistant,"ManagerGroup, Corporate",P@ssword1,\\Group3\homedirs\Jmalzur,111-1114,[email protected]
Mike Fox,Mike,Fox,Mfox,IS VP,"ManagerGroup,ISGroup",P@ssword1,\\Group3\homedirs\Mfox,111-1115,[email protected]
Julie Cash,Julie,Cash,Jcash,Accounting,AccountingGroup,P@ssword1,\\Group3\homedirs\Jcash,111-1116,[email protected]
Manny Greene,Manny,Greene,Mgreene,Accounting,AccountingGroup,P@ssword1,\\Group3\homedirs\Mgreene,111-1117,[email protected]
Russ Maine,Russ,Maine,Rmaine,HR,HRGroup,P@ssword1,\\Group3\homedirs\Rmaine,111-1118,[email protected]
Paul Lam,Paul,Lam,Plam,HR,HRGroup,P@ssword1,\\Group3\homedirs\Plam,111-1119,[email protected]
Tom Scerbo,Tom,Scerbo,Tscerbo,HR,HRGroup,P@ssword1,\\Group3\homedirs\Tscerbo,111-1120,[email protected]
Kate McCool,Kate,McCool,KMcCool,HR,HRGroup,P@ssword1,\\Group3\homedirs\KMcCool,111-1121,[email protected]
Lech Walsh,Lech,Walsh,Lwalsh,IS,ISGroup,P@ssword1,\\Group3\homedirs\Lwalsh,111-1122,[email protected]
Bonnie Clive,Bonnie,Clive,Bclive,IS,ISGroup,P@ssword1,\\Group3\homedirs\Bclive,111-1123,[email protected]
Esther Male,Esther,Malo,Emalo,IS,ISGroup,P@ssword1,\\Group3\homedirs\Emalo,111-1124,[email protected]

The error I get is:

Add-ADGroupMember : Missing an argument for parameter 'Identity'. Specify a par
ameter of type 'Microsoft.ActiveDirectory.Management.ADGroup' and try again.
At C:\test2.ps1:26 char:29
+  add-ADGroupMember -Identity <<<<   @groups -member $_.samaccountname
    + CategoryInfo          : InvalidArgument: (:) [Add-ADGroupMember], Parame
   terBindingException
    + FullyQualifiedErrorId : MissingArgument,Microsoft.ActiveDirectory.Manage
   ment.Commands.AddADGroupMember

Also if possible I'd like to be able to create and add them to their own home directories.

Improve this question

3 Answers 3

Reset to default
1

Instead of using Add-ADGroupMember, I use Add-ADPrincipalGroupMembership -Identity $instloginID -MemberOf $instGroup. It works well for me.

I'm a little confused about why you are putting the information in an array. I am not a pro; have only been running posh about 2.5 years. So my question is as much for my benefit as it is for yours. Does the array make it run faster? I plug each part of my user definition into its own variable and do it that way. The code looks a lot more straight forward and possibly easier to maintain that way.

My code to create home directories:

function Create-HomeDirs ($Synonym, $Number2Make, $studhomedir) 
{
###################################################################################
# This function creates student home directories. It also assigns permissions.    #
###################################################################################

    for ($i=1; $i -le $Number2Make; $i++)                           # Create homedirs from synonym                                       
        {
        $NewUser = ($Synonym + $i.ToString("00"))                   # Pad last two digits with zeroes so you get xxxxx01 instead of xxxxx1 
        $HomeDir = "$studhomedir\$NewUser"
        $Principal= "domain\$NewUser"

        write-host "HomeDir Being Created = $HomeDir"
        New-Item ($HomeDir) –Type Directory

        }   #end for
#
# The piece that assigns permissions sometimes fails due to sync problems. 
# This is why I put the "read-host" command in the code, to slow it down.
#  
$x = (read-host "`nReady to do permisisons? Press <Enter> to continue.")
   for ($i=1; $i -le $Number2Make; $i++)                           # Add permissions to homedirs                                       
     {
        $NewUser = ($Synonym + $i.ToString("00"))                   # Pad last two digits with zeroes so you get xxxxx01 instead of xxxxx1 
        $HomeDir = "$studhomedir\$NewUser"
        $Principal= "domain\$NewUser"
        write-host "newuser = $newuser. Homedir = $homeDir. Principal = $principal"
        write-host "HomeDir Permissions being created = $HomeDir"

        $Rights = [System.Security.AccessControl.FileSystemRights]"FullControl"                      # This line and next 3 put security settings in variables 
        $InheritanceFlag = [System.Security.AccessControl.InheritanceFlags]"ContainerInherit, ObjectInherit"
        $PropagationFlag = [System.Security.AccessControl.PropagationFlags]::None 
        $objType =[System.Security.AccessControl.AccessControlType]::Allow 

        $objACE=New-Object System.Security.AccessControl.FileSystemAccessRule($Principal, $Rights, $InheritanceFlag, $PropagationFlag, $objType) 
        $objACL = Get-ACL $HomeDir                                                        # Get existing ACL for home directory

        $objace

        if ($objACe)
           {
           $objACL.AddAccessRule($objACE)                                                    # Add ACE to this ACL

           Set-ACL $HomeDir $objACL                                                          # Put modified ACL back on home directory
           }
        else
           {write-host "objACL appears to be empty, line 359"}
     }   #end for

} # end function Create-HomeDirs

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

I don't know if there is much benefit for using an array. I was just coding away and this is what i got to work. If you have a simpler way of writing it i am interested in seeing it.
OK. I just edited some of my code quite a bit to come up with this blurb. My script is very large and does a ton of stuff with a lot of checks. So I extracted the part I think you can use. Hope this is useful.
1

Hey guys I figured it out I guess I won't fail after all :)

#Importing the Users
Import-CSV C:\Users\Administrator\Desktop\users.csv | foreach-object {New-ADUser -Name  $_.Name -GivenName $_.FirstName -Surname $_.LastName -Enabled $True -PasswordNeverExpires $True -AccountPassword (ConvertTo-SecureString $_.Password -AsPlainText -Force) -ChangePasswordAtLogon $False -Department $_.Department -EmailAddress $_.Email -OfficePhone $_.Phone -Path $_.Path -SamAccountName $_.SamAccountName -Title $_.Title -UserPrincipalName $_.UPN}

#Adding the Users to the Groups
Import-CSV C:\Users\Administrator\Desktop\Powershell\usergroups.csv | ForEach-Object {
$SAM = $_.SAM
$Group = $_.Group
$Groups = $Group.split(" ")
foreach($l in $Groups){
Add-ADGroupMember -Identity $l -Member $SAM
}
}
Improve this answer

Comments

0

It's looking for the group identity, which was omitted from the group array and needs to inserted as a $_. variable.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.