Add-ADGroupMember of the psad command

Add-ADGroupMember of the psad command

We created our active directory group above, but it is empty. Next we must add members to it. Otherwise, it will never work if it is always an empty group. So we need to add corresponding users. How can we add them? Fellow Me

Let's take a look at the command to be executed:

It is very simple. We only need to execute simple commands to add our users to our group. We can see the following for a single user group:

Add-adgroupmember-identity it-members lirun and lisi:

 

The above is the simplest mode. What should I do if I want to add all the users of an OU to a group? For example, we want all users under line OU to be added to linegroup:

At this time, we need to first know the users under our Line OU. What command should we use? Get-aduser: Let's Get the user out first without worrying about this command:

The next step is to add these users to the group and execute the following PS command to complete this action:

Get-aduser-searchbase "ou = line, dc = pilot, dc = com"-filter * | foreach {add-adgroupmember-identity linegroup-members $ _. name}

Next, let's take a look at something more advanced, that is, adding users to the group below OU based on different OU. At this time, there are three layers of OU users in the production line, all OU-level users of the production line need to be added to our Linegroup group.

Therefore, we need to build such a CSV file to join the corresponding group, and edit the file in the following format:

Ou, Groupname

It, itgroup

Caiwu, caiwugroup

Line, linegroup

Ad, adgroup

 

Next, we will write a script to add the corresponding OU users to our corresponding group.

$oulist=import-csv-path d:\grouplist.csvForeach($ouin $oulist){$ouname="ou="+$ou.ou+",dc=pilot,dc=com";$userinou=get-aduser-searchbase $ouname -searchscope "subtree" -filter *;Foreach($userin $userinou){Add-adgroupmember-identity $ou.groupname -members $user.name;}}

Let's take a look at the results. Except for an account that does not exist in the Active Directory, all the other accounts are added to the group below the corresponding OU: