Assistance adding ADGroupMember for multiple variables

Hello,

I am very new to PowerShell and would appreciate some assistance on something that is likely very basic.

We use a script to onboard new employees and I need to make a modification but I am struggling with the appropriate formatting to accomplish what I need.

As the script is now, it will add AD Group Membership based on employee location and this is how we accomplish that.

if ($Office -eq "Location1") {
"Security Group 1","Security Group 2" | Add-ADGroupMember -Members $UserlogonName
}

I am trying to add a second variable based on employee type (ie. full time employee, contractor, intern, or temp) and want to add AD membership based on the combination of the office location variable and employee type variable. Below is one of the ways I have tried to accomplish this.

if(($Office -eq "Location1") -and ($EmployeeType -eq "Full Time")){
"Security Group 1", "Security Group 2" | Add-ADGroupMember -Members $UserlogonName}

if(($Office -eq "Location1") -and ($EmployeeType -eq "Contractor" -or $EmployeeType -eq "Intern" -or $EmployeeType -eq "Temp")){
"Security Group 3", "Security Group 4" | Add-ADGroupMember -Members $UserlogonName}

Could someone point out what I am doing wrong here? Any help is very much appreciated.

Thanks!

-Zack

Zack,

welcome to the forums.

when you post code, error messages, sample data or console output format it as code, please.

Here you can read how that works: Guide to Posting Code.

You can go back and edit your existing post. You don’t have to create a new one. :wink:

Thanks in advance.

This:

if(($Office -eq 'Location1') -and ($EmployeeType -eq 'Contractor' -or 'Intern' -or 'Temp')){

cannot work!! :wink:

If you want to combine multiple comparisons you have to compare each individual option to the variable explicitly. Like this:

if (($Office -eq 'Location1') -and ($EmployeeType -eq 'Contractor' -or $EmployeeType -eq 'Intern' -or $EmployeeType -eq 'Temp')) {

Thanks for the tip. I have entered the code in as you have said and am getting the below error.

At E:\Scripts\1.New Account Creation\NewAD_Version2.4-TEST.ps1:784 char:131
+ ... actor" -or $EmployeeType -eq "Intern" -or $EmployeeType -eq "Temp")){
+                                                                         ~
Missing closing '}' in statement block or type definition.
At E:\Scripts\1.New Account Creation\NewAD_Version2.4-TEST.ps1:775 char:69
+ if(($Office -eq "Location 1") -and ($EmployeeType -eq "Full Time")){
+                                                                     ~
Missing closing '}' in statement block or type definition.
    + CategoryInfo          : ParserError: (:) [], ParentContainsErrorRecordException
    + FullyQualifiedErrorId : MissingEndCurlyBrace

When I make the below change (adding a second curly bracket behind $UserlogonName) , I am able to run the script, but it does not add any security groups

if(($Office -eq "Location 1") -and ($EmployeeType -eq "Full Time")){

"Security Group 1","Security Group 2" | 
    Add-ADGroupMember -Members $UserlogonName }}        
    
if (($Office -eq "Location 1") -and ($EmployeeType -eq "Contractor" -or $EmployeeType -eq "Intern" -or $EmployeeType -eq "Temp")){
"Security Group 3","Security Group 4" |
    Add-ADGroupMember -Members $UserlogonName }}

Any other ideas?

Thanks in advance for your help.

-Zack

Another approach:

$Office = 'Location1'
$EmployeeType = 'Intern'

switch ($Office) {
    'Location1' {
        switch -Regex ($EmployeeType) {
            "Full Time" {
                $groups = "Security Group 1", "Security Group 2"
            }
            "Contractor|Intern|Temp" {
                $groups = "Security Group 3", "Security Group 4"
            }
        }
    }
}

$groups # | Add-ADGroupMember -Members $UserlogonName

The code I posted is meant to be a correction of the code you posted. You should find the code equal to the first line of code I posted in cour script and replace it with the second line of code I posted. The rest of your code should stay the same.

You should try to not just copy the code I posted. You should try to understand what’s different and think about my explanation. :wink:

The code you posted now cannot work as well actually. You may share a little bit more of the actual script you use.

I think there might be a bit of confusion since I went back and edited my original post. I apologize for editing the original code that I posted. I just wanted other users to see that code to potentially help with something else that may be missing from it since it still does not work after making the changes that you suggested.

I totally understood what you are saying in regards to adding $EmployeeType -eq before each different value when using the -or operator, but I wasn’t understanding why I was receiving an error in regards to a MissingEndCurlyBracket. I tried to remedy this by adding an additional curly bracket, which prevented the error from appearing, but did not function as I had hoped by adding the expected security groups.

Just not sure where I am going wrong because this code seems to me like it should work.

I did leave something out of the initial code that I did not think was relevant, but maybe it is and that is why it is not working. See below:

if(($Office -eq "Location1") -and ($EmployeeType -eq "Full Time")){

"Security Group 1","Security Group 2" | 
    Add-ADGroupMember -Members $UserlogonName

      if ($VPNResponse -eq "Y" ) {"Group that grants VPN access" |
    Add-ADGroupMember -Members $UserlogonName }
 }        
    
if (($Office -eq "Location 1") -and ($EmployeeType -eq "Contractor" -or $EmployeeType -eq "Intern" -or $EmployeeType -eq "Temp")){
"Security Group 3","Security Group 4" |
    Add-ADGroupMember -Members $UserlogonName 
    
    if ($VPNResponse -eq "Y" ) {"Group that grants VPN access" |
    Add-ADGroupMember -Members $UserlogonName }
    }

Sorry for not initially posting this, but does anyone see an issue with the above code?

Don’t worry - it’s all good. :wink:

The code looks good to me actually. If it does not do what you want you might add some debug or verbose output.

Regardless of that - instead of Add-ADGroupMember you could use Add-ADPrincipalGroupMembership as well to add a single account to multiple groups at once. :wink:

1 Like

So I finally figured it out. Thanks for being patient with me Olaf. The last code I posted was correct, but what I needed to change was the value in the EmployeeType variable. The script that we use updates the EmployeeType value midscript depending on what country they reside in. So basically I needed to update the following lines from

($EmployeeType -eq "Full Time")
($EmployeeType -eq "Contractor" -or $EmployeeType -eq "Intern" -or $EmployeeType -eq "Temp")

to

($EmployeeType -eq "Full Time-US")
($EmployeeType -eq "Contractor-US" -or $EmployeeType -eq "Intern-US" -or $EmployeeType -eq "Temp-US")

Not sure if I am making sense, but just wanted to let everyone know that I got it working now.

Really really appreciate the help.

1 Like

Thanks for sharing and great that it is working now.