Bulk Add AD Computers to AD Group

Hi,

I’m looking for the best way to bulk add a list (txt) of AD Computer Accounts to a specific AD Group, has anyone out there done this before ?

PowerShell 3+:

$computers = Get-ADComputers * | Select -ExpandProperty SamAccountName
Get-ADGroup testgroup | Add-ADGroupMember -Member $computers

Add-ADGroupMember might actually be able to take ADComputer objects. I don’t remember off the top of my head and I don’t have a test environment at hand right now.

PowerShell 2:

$computers = @() # list of computer distinguishedName values

$group = [ADSI]"LDAP://CN=TestGroup,OU=Groups,DC=example,DC=com"
foreach($computerDn in $computers) {
    # The .Add() method outputs the number of objects in the list, so Out-Null to avoid unnecessary clutter
    $group.Properties["member"].Add($computerDn) | Out-Null 
}
$group.CommitChanges()

Hi Martin,

Thanks for coming back so quickly - is there a way of reading the computer names from a text file, i just have a list of computernames that are located in various OU’s that i need to add to an AD Group for Software Distribution purposes.

Good news though - i have PowerShell 3!

Sure

$computers = Get-Content .\computers.txt

Put one computer name per line. You may have to add $ to the end of the names though, as I can’t recall if it requires SamAccountNames, or if simply using the name is enough. Again, no test environment.

Just want to clarify that AD cmdlets work in V2 as well… But good to see two different examples of accomplishing the same thing! That’s what PowerShell is all about!

They do? Ah. My bad. Use the Cmdlets then, less chance to go wrong. ADSI can be a strange place at times.

Thanks Guys, i’ll put it to the test!

I believe you can also do something similar to this:

Get-ADComputers -Filter {SamAccountName -like "*Notebook*"} | Add-ADPrincipleGroupMembership -MemberOf "NewGroupName

It says Add-ADPrinipleGroupMembership should take pipline, but I want to say that I end up doing things through a foreach like this.

Get-ADComputers -Filter {SamAccountName -like "*Notebook*"} | Foreach-Object { Add-ADPrincipleGroupMembership -Identity $_.SamAccountName -MemberOf "NewGroupName" }

Again, there are so many ways to do the same thing, I guess I have something to do Monday by throwing some of those through a Measure-Command to see which one I should be using.