Add-UserToGroup
Users: Adds users to Active Directory groups
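<#
.SYNOPSIS
    Adds users to Active Directory groups.
.DESCRIPTION
    Looks up every entry of -UserNames and -GroupNames below -OUPath on the domain's
    PDC emulator, then adds each resolved user to each resolved group. One line per
    lookup miss, lookup error, successful addition and failed addition is written to
    the output stream. A failure before the lookups start (module import, domain
    lookup) is written as an error and the script exits with code 1.
.PARAMETER OUPath
    Specifies the Active Directory path (OU). Users and groups are both searched here.
.PARAMETER UserNames
    Comma separated display name, SAMAccountName, DistinguishedName or UPN of the users.
    An entry that begins with an RDN ("CN=...", "OU=...") is taken as one
    DistinguishedName and is not split; pass several DistinguishedNames as separate
    array elements.
.PARAMETER GroupNames
    Comma separated names or DistinguishedNames of the groups. The same
    DistinguishedName rule as for -UserNames applies.
.PARAMETER DomainAccount
    Active Directory Credential for remote execution without CredSSP.
.PARAMETER DomainName
    Name of the Active Directory Domain. When empty, the domain of the local computer is used.
.PARAMETER SearchScope
    Specifies the scope of the search (Base, OneLevel, SubTree).
.PARAMETER AuthType
    Specifies the authentication method to use (Basic or Negotiate). Negotiate is the
    default. The ActiveDirectory cmdlet documentation states that Basic requires an
    SSL connection, because the credential itself is sent to the server.
#>
param(
    [Parameter(Mandatory = $true, ParameterSetName = "Local or Remote DC")]
    [Parameter(Mandatory = $true, ParameterSetName = "Remote Jumphost")]
    [string]$OUPath,
    [Parameter(Mandatory = $true, ParameterSetName = "Local or Remote DC")]
    [Parameter(Mandatory = $true, ParameterSetName = "Remote Jumphost")]
    [string[]]$UserNames,
    [Parameter(Mandatory = $true, ParameterSetName = "Local or Remote DC")]
    [Parameter(Mandatory = $true, ParameterSetName = "Remote Jumphost")]
    [string[]]$GroupNames,
    [Parameter(Mandatory = $true, ParameterSetName = "Remote Jumphost")]
    [PSCredential]$DomainAccount,
    [Parameter(ParameterSetName = "Local or Remote DC")]
    [Parameter(ParameterSetName = "Remote Jumphost")]
    [string]$DomainName,
    [Parameter(ParameterSetName = "Local or Remote DC")]
    [Parameter(ParameterSetName = "Remote Jumphost")]
    [ValidateSet('Base', 'OneLevel', 'SubTree')]
    [string]$SearchScope = 'SubTree',
    [Parameter(ParameterSetName = "Local or Remote DC")]
    [Parameter(ParameterSetName = "Remote Jumphost")]
    [ValidateSet('Basic', 'Negotiate')]
    [string]$AuthType = "Negotiate"
)

# Expands the comma separated entries into single trimmed names, dropping blanks.
# A DistinguishedName contains commas itself, so an entry that starts with an
# RDN ("attr=") is kept whole instead of being split into its components.
function Split-NameList {
    param([string[]]$Entries)
    foreach ($entry in $Entries) {
        if ([string]::IsNullOrWhiteSpace($entry)) { continue }
        if ($entry -match '^\s*[A-Za-z][A-Za-z0-9-]*\s*=') {
            $entry.Trim()
        } else {
            $entry.Split(',') | ForEach-Object { $_.Trim() } | Where-Object { $_ }
        }
    }
}

try {
    Import-Module ActiveDirectory -ErrorAction Stop

    # Resolve the target domain: the local computer's domain unless -DomainName is given.
    [hashtable]$cmdArgs = @{
        'ErrorAction' = 'Stop'
        'AuthType'    = $AuthType
    }
    if ($null -ne $DomainAccount) {
        $cmdArgs.Add("Credential", $DomainAccount)
    }
    if ([System.String]::IsNullOrWhiteSpace($DomainName)) {
        $cmdArgs.Add("Current", 'LocalComputer')
    } else {
        $cmdArgs.Add("Identity", $DomainName)
    }
    $Domain = Get-ADDomain @cmdArgs

    [string[]]$results = @()
    [string[]]$usrSAMs = @()

    # Connection arguments valid for every AD cmdlet used below.
    $connArgs = @{
        'ErrorAction' = 'Stop'
        'Server'      = $Domain.PDCEmulator
        'AuthType'    = $AuthType
    }
    if ($null -ne $DomainAccount) {
        $connArgs.Add("Credential", $DomainAccount)
    }

    # Search arguments are kept apart from $connArgs: Add-ADGroupMember has no
    # -SearchBase / -SearchScope, and splatting them into it fails parameter
    # binding, so no membership would ever be added.
    $getArgs = $connArgs.Clone()
    $getArgs.Add('SearchBase', $OUPath)
    $getArgs.Add('SearchScope', $SearchScope)

    # Resolve users. The filter references $needle by name (single-quoted string)
    # so the AD module binds the value itself; the caller-supplied name is never
    # spliced into the filter text, and a quote inside a name cannot change it.
    foreach ($name in (Split-NameList -Entries $UserNames)) {
        $needle = $name
        try {
            $sams = @(Get-ADUser @getArgs -Filter 'SamAccountName -eq $needle -or DisplayName -eq $needle -or DistinguishedName -eq $needle -or UserPrincipalName -eq $needle' |
                    Select-Object -ExpandProperty SamAccountName)
            # -Filter returns nothing on a miss instead of throwing, so test the result.
            if ($sams.Count -eq 0) {
                $results += "User '$name' not found"
                continue
            }
            # DisplayName is not unique: every account that matched is added.
            $usrSAMs += $sams
        } catch {
            $results += "Error looking up user '$name': $($_.Exception.Message)"
        }
    }

    # Resolve each group once, before the membership loop.
    $groups = @()
    foreach ($gName in (Split-NameList -Entries $GroupNames)) {
        $gNeedle = $gName
        try {
            $grp = Get-ADGroup @getArgs -Filter 'SamAccountName -eq $gNeedle -or DistinguishedName -eq $gNeedle'
            if ($null -eq $grp) {
                $results += "Group '$gName' not found"
                continue
            }
            $groups += $grp
        } catch {
            $results += "Error looking up group '$gName': $($_.Exception.Message)"
        }
    }

    # Membership changes are privilege changes: each attempt gets its own result
    # line, and a failure on one pair does not stop the remaining ones.
    foreach ($usr in $usrSAMs) {
        foreach ($grp in $groups) {
            try {
                Add-ADGroupMember @connArgs -Identity $grp -Members $usr
                $results += "User '$usr' added to Group '$($grp.Name)'"
            } catch {
                $results += "Error adding user '$usr' to Group '$($grp.Name)': $($_.Exception.Message)"
            }
        }
    }
    Write-Output $results
} catch {
    Write-Error $_
    exit 1
}
Specifies the Active Directory path (OU).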
Comma separated display name, SAMAccountName, DistinguishedName or UPN of the users.
Comma separated names or DistinguishedNames of the groups.
Active Directory Credential for remote execution without CredSSP.
Name of the Active Directory Domain.
Specifies the scope of the search (Base, OneLevel, SubTree).
Specifies the authentication method to use (Basic or Negotiate).