Put domain computer(s) into Security Group

I’m fairly new to PowerShell so I’m trying to do more admin functions in PS than the GUI. When I’m pushing out a new application with Group Policy, I create a Security Group for the computers to get the program.

I’ve been struggling with something as simple as placing a computer into a security group with PS.

Sure, eventually, I’d like to have a script that dumps a bunch of computers into the group, but I’m trying to do a single one to start to see it work and I’m failing at a pretty simple task.

I’ve tried using add-adgroupmember -identity -members . I’m using the computer’s DNS name.

I even tried simply typing add-adgroupmember .

I’m prompted for Identity and it takes the group name, now prompting me for members (0), I paste in the DNS computer name and enter. The prompt goes to members(1). I hit enter and it tells me it can’t find the computer name.

After spending a good deal of time on this, it’s time to ask for some advice.


Good for you!

So the [1] prompt you’re seeing is because the parameter can accept multiple values; hitting Enter on a blank line is the correct way to make it proceed. So now we just need to get it a legit value.

Specifying a DN might be a better way to identify the computer, if you can. You can also provide a GUID, SID, or SAM account name. A fully-qualified DNS name won’t work; just a plain computer name should, provided it’s the computer’s samAccountName in Active Directory. It’s important that there not be a same-named User account in the domain, because if there is, it’ll grab that instead.

But notice in http://blogs.technet.com/b/heyscriptingguy/archive/2013/12/25/powertip-add-computer-to-security-group-with-powershell.aspx that the computer’s samAccountName is suffixed with a $. You might try adding that.