You can Add Group members by using the Active Directory powershell cmdlet Add-ADGroupMember.
Add-ADGroupMember [-Identity] <ADGroup> [-Members] <ADPrincipal[]>
The Identity parameter specifies the Active Directory group that receives the new members. You can identify a group by its distinguished name (DN), GUID, SID or SamAccountName.
The Members parameter specifies the new members to add to a group. You can identify a new member by its distinguished name (DN), GUID, SID or SamAccountName.
Summary:
- Add Active Directory Group members
- Add members by importing members from other AD Group
- Add members by importing members from CSV file
Add AD Group members using Powershell
Add user accounts to AD Group by samAccountName:
Import-Module ActiveDirectory Add-ADGroupMember "Domain Admins" "MorganTest1,MorganTest2";
Add AD Group members by distinguished name (DN):
Import-Module ActiveDirectory Add-ADGroupMember "Domain Admins" "CN=MorganTest1,OU=London,DC=TestDomain,DC=local";
Add members by importing members from other Group
By using above examples, you can easily add the group members to AD group. Providing and changing permissions to AD security object is inevitable in this dynamic world. So in some cases, you may be in the need of adding new group members by importing members from other existing Active Directory group. Use the below powershell script to achieve this need.
Steps to import existing Group members to other AD Group:
1. Copy the below Powershell script and paste in Notepad file.
2. Change the value for the variables $existingGroup and $newGroup with your own AD Group which you want to import and add group members
3. SaveAs the Notepad file with the extension .ps1 like Import-Add-Group-Members.ps1
Powershell script file: Download Import-Add-Group-Members.ps1
Import-Module ActiveDirectory
$existingGroup = "Domain Admins"
$newGroup = "Powershell Admins"
Get-ADGroupMember $existingGroup | ForEach-Object {
$samAccountName = $_."samAccountName"
Add-ADGroupMember $newGroup $samAccountName;
Write-Host "- "$samAccountName" added to "$newGroup
}
4. Now run the file Import-Add-Group-Members.ps1 from Powershell to Import members from existing AD Group and add as members of other AD Group.
PS C:Scripts> .Import-Add-Group-Members.ps1
Add members to AD Group by importing members from CSV
1. Consider the CSV file Users.csv which contains set of Active Directory users to add as members to AD Group with the attribute samAccountName.
2. Copy the below Powershell script and paste in Notepad file.
3. Change the Users.csv file path with your own csv file path.
4. SaveAs the Notepad file with the extension .ps1 like Import-AD-Group-Members-From-CSV.ps1
Powershell script file: Download Import-AD-Group-Members-From-CSV.ps1
Import-Module ActiveDirectory
$adGroup = "Powershell Admins"
Import-Csv "C:\ScriptsUsers.csv" | ForEach-Object {
$samAccountName = $_."samAccountName"
Add-ADGroupMember $adGroup $samAccountName;
Write-Host "- "$samAccountName" added to "$adGroup
}
5. Now run the file Import-AD-Group-Members-From-CSV.ps1 from Powershell to Import Bulk Active Directory users from CSV and add as member to AD Security Group.
PS C:Scripts> .Import-AD-Group-Members-From-CSV.ps1
Note: I have placed script file in the location C:Scripts, if you placed in any other location, you can navigate to that path using CD path command (like cd “C:\Downloads”).
Thanks,
Morgan
Software Developer
Hi Morgan, thanks for the article
Trying to add users from csv to AD. I am using distinguished names to usernames in the csv and i keep getting this error
Add-ADGroupMember : Cannot find an object with identity: 'CN=rcmex,OU=xyUsers,DC=ad3,DC=XYZ,DC=com' under: 'DC=ou,DC=ad3,DC=XYZ,DC=com'.
From my understanding users are in different domain and groups are in different domain (sub OU). I tried different options, was able add users from one group to other in same OU, able to add users locally defined (in Root OU – ou.ad3.xyz.com). am new to this AD and powershell, Can you share your ideas? appreciate any help
Hi Ramii, can you try to use distinguished name for group also?
Thanks Morgan, was able to resolve it, by getting group and user properties separately and then adding to group
$DomainGroupDN = Get-ADGroup -Identity $GroupName -Server ou.ad3.abc.com
$SamDN = Get-ADUser $Member -Server ad3.abc.com
Add-ADGroupMember $DomainGroupDN -Server ou.ad3.abc.com-Members $SamDN
thanks Morgan, the article helped me.
Thank you!!! I stumbled across several sites that showed how to do this the wrong way. Your illustration worked perfectly. So many others try to use -Member which is not even the correct syntax.
Still Very Helpful! Thanks so much!
Import-Module ActiveDirectory
$existingGroup = “Domain Admins”
$newGroup = “Powershell Admins”
Get-ADGroupMember $existingGroup | ForEach-Object {
$samAccountName = $_.”samAccountName”
Add-ADGroupMember $newGroup $samAccountName;
Write-Host “- “$samAccountName” added to “$newGroup
}
Add-ADGroupMember : Cannot validate argument on parameter ‘Identity’. The argument is null. Provide a valid value for the argument, and then try running the command
again.
At line:6 char:22
+ Add-ADGroupMember $testgrpoutput $samAccountName;
+ ~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Add-ADGroupMember], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.ActiveDirectory.Management.Commands.AddADGroupMember
Not working.
The error message indicates that the target group in which you are trying to add member is not available. Ensure that you have provided the correct group name as input for this variable “$newGroup”.