Add-ComputerToGroup
Computers: Adds computers to Active Directory groups
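<#
.SYNOPSIS
    Adds computers to Active Directory groups.

.DESCRIPTION
    Resolves the target domain (the local computer's domain, or -DomainName),
    looks up every requested computer on that domain's PDC emulator and adds
    each resolved computer to every requested group.

    One result string is written per failed computer lookup and per
    computer/group pair. Per-item failures are reported only as result
    strings; the script calls Write-Error and exits with 1 only when
    something outside the per-item loops fails (module import, domain lookup).
    Callers that automate group changes should therefore inspect the result
    strings, not just the exit code.

.PARAMETER OUPath
    Specifies the Active Directory path (OU).
    NOTE(review): this parameter is mandatory but is never read by the script
    body, so computer lookups are NOT restricted to this OU. Confirm whether
    OU scoping is expected before relying on it as a boundary.

.PARAMETER ComputerNames
    SAMAccountName, SID, DistinguishedName or GUID of the computers. An
    element may be a comma separated list of names; an element that starts
    with a distinguished-name component (for example 'CN=') is treated as one
    distinguished name and is not split.

.PARAMETER GroupNames
    Names of the groups to which the computers will be added. Same comma
    handling as ComputerNames. Group membership grants whatever the group
    grants, so the effective limit on which groups can be modified is the
    delegation of the account running the script (or -DomainAccount).

.PARAMETER DomainAccount
    Active Directory credential for remote execution without CredSSP.

.PARAMETER DomainName
    Name of the Active Directory domain. When empty, the domain of the local
    computer is used.

.PARAMETER AuthType
    Authentication method (Basic or Negotiate). Negotiate is the default.
    Per the ActiveDirectory module documentation, Basic requires an SSL
    connection; prefer Negotiate unless Basic is specifically needed.
#>
param(
    [Parameter(Mandatory = $true, ParameterSetName = "Local or Remote DC")]
    [Parameter(Mandatory = $true, ParameterSetName = "Remote Jumphost")]
    [string]$OUPath,

    [Parameter(Mandatory = $true, ParameterSetName = "Local or Remote DC")]
    [Parameter(Mandatory = $true, ParameterSetName = "Remote Jumphost")]
    [string[]]$ComputerNames,

    [Parameter(Mandatory = $true, ParameterSetName = "Local or Remote DC")]
    [Parameter(Mandatory = $true, ParameterSetName = "Remote Jumphost")]
    [string[]]$GroupNames,

    [Parameter(Mandatory = $true, ParameterSetName = "Remote Jumphost")]
    [PSCredential]$DomainAccount,

    [Parameter(ParameterSetName = "Local or Remote DC")]
    [Parameter(ParameterSetName = "Remote Jumphost")]
    [string]$DomainName,

    [Parameter(ParameterSetName = "Local or Remote DC")]
    [Parameter(ParameterSetName = "Remote Jumphost")]
    [ValidateSet('Basic', 'Negotiate')]
    [string]$AuthType = "Negotiate"
)

# Expands the caller's identity list into individual identities.
# A plain element that contains commas is split on them (CSV input). An element
# that starts with an attribute type followed by '=' is a distinguished name,
# whose components are themselves comma separated, so it is emitted unchanged.
# Splitting such a value would look up every DN fragment as its own identity.
function Split-IdentityList {
    param([string[]]$Values)

    foreach ($value in $Values) {
        if ([string]::IsNullOrWhiteSpace($value)) { continue }

        if ($value -match '^\s*[A-Za-z0-9][A-Za-z0-9.-]*\s*=') {
            $value
        } elseif ($value -match ',') {
            $value.Split(',')
        } else {
            $value
        }
    }
}

try {
    Import-Module ActiveDirectory -ErrorAction Stop

    # Arguments for the domain lookup; the credential is only passed when given.
    [hashtable]$cmdArgs = @{
        'ErrorAction' = 'Stop'
        'AuthType'    = $AuthType
    }
    if ($null -ne $DomainAccount) {
        $cmdArgs.Add("Credential", $DomainAccount)
    }
    if ([System.String]::IsNullOrWhiteSpace($DomainName)) {
        $cmdArgs.Add("Current", 'LocalComputer')
    } else {
        $cmdArgs.Add("Identity", $DomainName)
    }
    $Domain = Get-ADDomain @cmdArgs

    [string[]]$results = @()
    [string[]]$cmpSAMAccountNames = @()

    # All reads and writes below go to the PDC emulator of the resolved domain.
    $getCompArgs = @{
        'ErrorAction' = 'Stop'
        'Server'      = $Domain.PDCEmulator
        'AuthType'    = $AuthType
    }
    if ($null -ne $DomainAccount) {
        $getCompArgs.Add("Credential", $DomainAccount)
    }

    # Resolve every requested computer to its SAMAccountName.
    $flatComputerNames = @(Split-IdentityList -Values $ComputerNames)
    foreach ($name in $flatComputerNames) {
        if ([string]::IsNullOrWhiteSpace($name)) { continue }
        try {
            $cmp = Get-ADComputer @getCompArgs -Identity $name.Trim() |
                Select-Object -ExpandProperty SAMAccountName
            $cmpSAMAccountNames += $cmp
        } catch {
            # Only a genuine identity miss is reported as "not found"; an
            # authentication or connectivity failure keeps its own message so
            # it is not mistaken for a missing computer object.
            if ($_.Exception.GetType().Name -eq 'ADIdentityNotFoundException') {
                $results += "Computer '$name' not found"
            } else {
                $results += "Error looking up computer '$name': $($_.Exception.Message)"
            }
        }
    }

    $groupArgs = @{
        'ErrorAction' = 'Stop'
        'AuthType'    = $AuthType
        'Server'      = $Domain.PDCEmulator
    }
    if ($null -ne $DomainAccount) {
        $groupArgs.Add("Credential", $DomainAccount)
    }

    $flatGroupNames = @(Split-IdentityList -Values $GroupNames)

    # Successfully resolved groups, keyed by the trimmed name, so each group is
    # queried once instead of once per computer. A failed lookup is not cached
    # and is retried (and reported) for every computer.
    $resolvedGroups = @{}

    foreach ($comp in $cmpSAMAccountNames) {
        foreach ($itm in $flatGroupNames) {
            if ([string]::IsNullOrWhiteSpace($itm)) { continue }
            $groupKey = $itm.Trim()
            try {
                if (-not $resolvedGroups.ContainsKey($groupKey)) {
                    $resolvedGroups[$groupKey] = Get-ADGroup @groupArgs -Identity $groupKey
                }
                $grp = $resolvedGroups[$groupKey]
                Add-ADGroupMember @groupArgs -Identity $grp -Members $comp
                $results += "Computer '$comp' added to Group '$itm'"
            } catch {
                $results += "Error adding computer '$comp' to Group '$itm': $($_.Exception.Message)"
            }
        }
    }

    Write-Output $results
} catch {
    Write-Error $_
    exit 1
}
Specifies the Active Directory path (OU).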
Comma separated SAMAccountName, SID, DistinguishedName or GUID of the computers.
Comma separated names of the groups to which the computers will be added.
Active Directory Credential for remote execution without CredSSP.
Name of the Active Directory Domain.
Specifies the authentication method to use (Basic or Negotiate).