Home » PowerShell » Add Users to AD Groups with Add-AdGroupMember

Add Users to AD Groups with Add-AdGroupMember

by

In an Active Directory, it’s very important to add user accounts to the active directory and manage groups effectively. Add-AdGroupMember cmdlet in PowerShell adds users and groups easily.

PowerShell Add-ADGroupMember cmdlet in Active Directory adds users, computers, service accounts, or groups to active directory groups.

In PowerShell, you can add users to AD groups using ADUC (Active Directory Users and Computers) or add users to AD groups using the PowerShell Add-ADGroupMember cmdlet.

Syntax

Add-ADGroupMember
   [-WhatIf]
   [-Confirm]
   [-AuthType <ADAuthType>]
   [-Credential <PSCredential>]
   [-Identity] <ADGroup>
   [-Members] <ADPrincipal[]>
   [-MemberTimeToLive <TimeSpan>]
   [-Partition <String>]
   [-PassThru]
   [-Server <String>]
   [-DisablePermissiveModify]
   [<CommonParameters>]

In this article, I will explain both ways to add users to active directory groups using ADUC and PowerShell Add-ADGroupMember active directory cmdlet.

We will use the Add-AdGroupMember cmdlet to add user accounts to AD Groups or bulk add users to AD groups.

Active Directory Users and Computers (ADUC) graphical user interface tool used to add users through AdGroup MemberOf properties.

Let’s understand ADUC and the Add-ADGroupMember cmdlet in detail to add users to ad groups in the active directory with examples.

Let’s practice!

Table of Contents hide
1 Add Users to Group
2 Bulk Add Users to AD Groups in PowerShell
3 PowerShell Add User to AD Groups using ADUC
4 Add-AdGroupMember Parameters
5 Conclusion

Add Users to Group

Use the Add-ADGroupMember active directory cmdlet in PowerShell to add users to ad groups.

Let’s consider an example of adding a user account to the Security AD Group using the Add-ADGroupMember cmdlet as below.

ADUser Name : Tira Elsa

Security AdGroupName: Finance

Add-ADGroupMember -Identity Finance -Members Tira.Elsa

In the above PowerShell script, the Add-AdGroupMember active directory cmdlet adds a user account to the adgroup security specified by the Identity parameter and user specified by Members property.

Use the Get-ADPrincipalGroupMembership cmdlet in PowerShell to verify whether the user was added to the ad group or not.

Get-ADPrincipalGroupMembership -Identity Tira.Elsa

Get-Get-ADPrincipalGroupMembership retrieves the adgroup information for the aduser specified by the Identity parameter.

The output of the above command to add a user to adgroup in PowerShell is below.

Add User Accounts to AD Groups - PowerShell
PowerShell Add User to AD Groups

Cool Tip: How to get-aduser employee id in PowerShell!

Bulk Add Users to AD Groups in PowerShell

To bulk add user accounts to AD groups in PowerShell, use the Add-ADGroupMember cmdlet in the active directory. It adds multiple users to the group.

Let’s consider an example where you have user names in the CSV file.

You can import a CSV file in PowerShell scripts and load users in a local variable as given below.

# Script for bulk add users to ad groups
#Import csv file and loads adusers in variable

$Users = Import-Csv -Path "C:\adusers.csv"

#Iterate AdUsers to add user account in Group

foreach($User in $Users){
        try
        {

            Add-ADGroupMember -Identity Finance -Members $User.User -ErrorAction Stop -Verbose
        }
        catch
        {
            Write-Host "Error while adding user to adgroup"
        }

    }

In the above PowerShell script to add users to an ad group from a CSV file, use the Import-CSV cmdlet to import a CSV file having a Username and store information in $Users variable.

Iterate $Users using Foreach and use the Add-AdGroupMember cmdlet to add multiple users to the adgroup specified by the Identity parameter and user specified by Member parameter.

It will bulk-add user accounts to ad groups.

The output of bulk add user accounts to ad groups as below

Bulk add user accounts to adgroup
Bulk add user accounts to adgroup

Cool Tip: How to find an operating system of an adcomputer in PowerShell!

PowerShell Add User to AD Groups using ADUC

In this example, we will use the Active Directory Users and Computers (ADUC) GUI tool to add users to the Security Group.

For example, we have Finance Security Group in the active directory. We will add an ad user Esh to the Security group using ADUC.

To add user accounts to security groups in the active directory using ADUC, follow the below steps

  1. Open ADUC ( Active Directory Users and Computers)

Go to Start –> Run –> dsa.msc –> click OK

Type the dsa.msc command in the Run dialog and click OK to open the ADUC GUI console.

2. Navigate to the Organizational Unit in your domain where you have security groups and users created.

Refer to the below image, where Finance is a security group and Esh Deol is an active directory user.

ADUC - Security Groups in Active Directory
ADUC – Security Groups in Active Directory

3. Right Click on the User

Right-click on the user ( Esh Deol) and select the Properties menu. It will open the Properties dialog, select MemeberOf properties as given below in the image

ADUser MemberOf Property
ADUser MemberOf Property

4. Click on the Add button to open Select Groups Dialog

Type the AD group name in the search textbox and click on Check Names to check ad group name availability in the active directory, if available it will return the ad group else will give the message.

Select AD Group for AdUser
Select AD Group for AdUser

Click on the OK button to return. You can use the Advanced button to search for group names visually in an active directory and use a filter to select an AD group.

5. Security ADGroup added to User MemberOf property, click Apply to save changes as below

ADUser MemberOf Security ADGroup
ADUser MemberOf Security ADGroup

6. It will successfully add a user account to AD groups. If you want to check user added or not, open the security adgroup and check member properties as below

Security ADGroup aduser
Security ADGroup aduser

Cool Tip: How to add a computer to a group using Add-AdGroupMember

Add-AdGroupMember Parameters

The PowerShell Add-AdGroupMember cmdlet parameters are given below.

  • -AuthType: It specifies the authentication method to use. The acceptable values for this parameter are Negotiate or 0, Basic or 1. The default authentication method is Negotiate.
  • -Identity: It specifies an active directory group object by one of the values ( a distinguished name, SID, SamAccountName, GUID)
  • -Members: It specifies an array of user, group, and computer objects in a common-separated list to add to a group.
  • -MemberTimeToLive: It specifies a time to live (TTL) for the new group members.
  • -Server: It specifies the active directory domain services instance to connect to.

Conclusion

I hope the above article to add users to ad groups is helpful to you. You can use ADUC and Add-ADGroupMember PowerShell cmdlet to add a user account to an ad group.

To bulk add users to the security adgroup use Add-AdGroupMember cmdlet to add users one by one using a foreach loop in PowerShell.

Cool Tip: How to remove users from the group in PowerShell!

You can find more topics about PowerShell Active Directory commands and PowerShell basics on the ShellGeek home page.