Get-ADUser in a ForEach loop not working

Hi Everybody,

I have been racking my brain trying to figure out what every post I read says is straightforward is not working for me. Simply put I have a txt file which is generated by another department that has UPNs in it. We have multiple realms in our domain due to migration from a non-AD directory.

File looks like this

I need to populate an AD group. My code looks like this

Import-module ActiveDirectory
$group = “CN=somegroup,OU=someou,DC=edu”
$updatedUserFile = “D:\userfile.txt”
Remove-ADGroupMember $group -Members (Get-ADGroupMember $group) -Confirm:$false
ForEach ($user in ( Get-Content $updatedUserFile)) {
Get-ADUser -Filter {UserPrincipalName -eq $user} | Add-ADPrincipalGroupMembership -MemberOf $group

This is running on a 2016 server with PSVersion 5.1.14393.2430. I get the following errors

Add-ADPrincipalGroupMembership : Object reference not set to an instance of an object.

At C:\test.ps1:12 char:57

  • … ame -eq “$($User)”} | Add-ADPrincipalGroupMembership -MemberOf $group

  •                       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • CategoryInfo : NotSpecified: (:slight_smile: [Add-ADPrincipalGroupMembership], NullReferenceException

  • FullyQualifiedErrorId : ActiveDirectoryCmdlet:System.NullReferenceException,Microsoft.ActiveDirectory.Management.Commands.AddADPrincipalGroupMembership

While the Get-ADUser works on a line by itself it fails in the loop. My research leads me to believe am not passing my loop variable correctly so I have tried

-Filter “UserPrincipalName -eq ‘$user’”
-Filter {UserPrincipalName -eq $user}
-Filter {UserPrincipalName -eq $($user)}
-Filter {UserPrincipalName -eq ‘$($user)’}

and a few other variations.

Please help


I would simplify the code a bit and do this


get-content D:\userfile.txt | % {add-adgroupmember -identity $group -members $_}

Check for leading/trailing whitespaces in the text file.
You can always do a trim() to trim out leading/trailing white spaces.


Hi Jon,

Thanks for the help. I’m still getting errors. I think it’s because my file is using UPNs not samAccountNames with your approach. Due to having mixed realms in our environment, I am leaving room for the same username at different realms. I am using the UPN, because I know they are unique.

add-adgroupmember : Cannot find an object with identity: ' ’ under: ‘DC=domain,DC=edu’.

At line:10 char:35

  • … $updatedUserFile | % {add-adgroupmember -identity $group -members $_}

  •                       ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • CategoryInfo : ObjectNotFound: (user@domain… :ADPrincipal) [Add-ADGroupMember], ADIdentityNotFoundException

  • FullyQualifiedErrorId : SetADGroupMember.ValidateMembersParameter,Microsoft.ActiveDirectory.Management.Commands.AddADGroupMember


Ahhh…I missed that, sorry! Also, make sure you format your code. Instructions are in bold at the top of every reply.

What about something like this?

foreach ($user in $updatedUserFile)


$foundusers = Get-aduser -filter {userprincipalname -eq $user}

foreach ($founduser in $foundusers)


add-adgroupmember -identity $group -members $founduser




I don’t have a multi domain setup anymore so I can’t verify, but I think something like that (with maybe some needed improvements) should work.


Hi Kvprasoon,
Thanks for the suggestion. I didn’t mention that the file gets generated on a Linux system and transfered to Windows. When I looked at the file in Notepad it looks like a long line with spaces between values and in Wordpad looks normal. I tried using .trim() but that didn’t solve my issue. Closer inspection of the input file revealed spaces and Unix not Windows new line characters.

Working now. Thanks for pointing me in the right direction.


That’s strange. Unix input text files work ok for me in windows powershell scripts. My only problem was “unicode” text produced by Out-File and Infoblox.