Sunday, October 4, 2015

Bulk ADD member to group based on Active Directory Attribute

Hi Readers,

Just sharing an old script that I recently modified to fulfil a requirement where employee IDs are shared & these need to be added to an Active Directory group. The employee ID value is stored in one of the AD attributes.

Prerequisites: Quest AD Management Shell

Extract the script zip file & change the variables accordingly.

https://gallery.technet.microsoft.com/scriptcenter/Bulk-ADD-member-to-group-725c11a1

$grp="Define group name" # group CN Name, example "Test Dl1", no need to include full dn..

$attrib = "extensionattribute11"

Update the Users.txt file with the employee ids (make sure the first line is empid as it will act as header)





Now just run the script as shown below:

.\addtoGroupext.ps1 .\users.txt






########################################################################################### 
##                                                                                             
##           Author: Vikas Sukhija                                                         
##           Date: 26-11-2012  
##         Modified: 18-09-2015 
##         Update :  Update users from Employeeid
##           Description:- If user is not a member of the group, this script adds the user
##           after reading from CSV
########################################################################################### 
#Add Quest Shell... 
 
If ((Get-PSSnapin | where {$_.Name -match "Quest.ActiveRoles"}) -eq $null)
{
    Add-PSSnapin Quest.ActiveRoles.ADManagement
}

 
#####define Variables/Log ######## 
 
$date = get-date -format d 
$time = get-date -format t 
 
$date = $date.ToString().Replace("/", "-")

$time = $time.ToString().Replace(":", "-")
$time = $time.ToString().Replace(" ", "")
 
$log1 = ".\Logs" + "\" + "Addtogrp_" + $date + $time + "_.log" 
$log2 = ".\Logs" + "\" + "Usrnotadded_" + $date + $time + "_.log" 
$log3 = ".\Logs" + "\" + "UsrAdded_" + $date + $time + "_.log" 
 
$usertoadd = @() 
 
$grp="Define group name" 
$attrib = "extensionattribute11" 
 
$coll = @() 
 
start-transcript -path $log1 
 
######################### 
 
# import csv file 
 
$data = import-csv $args[0] 
 
$Can = "CN=$grp"
 
$dt = get-date 
 
 
Write-host "`n Group to which users will be added $Can" -foregroundcolor magenta 
 
 
foreach($i in $data) { 
 
$empid = $i.empid 
$usertoadd = $null
 
$user = Get-QADUser -LdapFilter "($attrib=$empid)" 
 
Write-host "`n $empid matched $user" -foregroundcolor Green 
 
 
  if (($user.memberof -like "$Can,*"))

  {

  write-host "$user is a member & will not be added to $grp group"
  add-content $log2 "$user is a member & will not be added to $grp group"

  }

  else

  {

  write-host "$user is not a member & will be added to $grp group"

  add-qadgroupmember $grp $user
  add-content $log3 "$user is not a member & will be added to $grp group"

  }

}

$dt = get-date 
 
Write-host  "all users addition to group finished... $dt...." -foregroundcolor green 
 
 
stop-transcript 
 
 
########################################################################################




 

Regards

Sukhija Vikas

http://msexchange.me
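
The script puts each empid value from users.txt straight into the LDAP filter, so a blank row makes the filter invalid and a stray `*` makes it match every account that has the attribute set. The following is an added example, not part of the author's script: it validates and escapes each ID before the filter is built and accepts a lookup only when exactly one user matches. The function names, the digits-only ID pattern and the sample values are assumptions.

```powershell
# Added example (not the author's code). Assumptions: employee IDs are 1-10 digits,
# and the helper function names below are hypothetical.
$attrib    = "extensionattribute11"
$idPattern = '^\d{1,10}$'

function ConvertTo-LdapFilterValue {
    param([string]$Value)
    # RFC 4515 escaping; the backslash must be replaced first.
    $v = $Value.Replace('\', '\5c')
    $v = $v.Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
    $v.Replace([string][char]0, '\00')
}

function Get-EmpIdFilter {
    param([string]$EmpId)
    $id = "$EmpId".Trim()
    # Reject blank, wildcard or malformed rows instead of querying with them.
    if ($id -notmatch $idPattern) { return $null }
    "($attrib=$(ConvertTo-LdapFilterValue $id))"
}

function Select-SingleMatch {
    param($Found)
    # Zero matches or more than one match is treated as "do not add".
    $list = @($Found | Where-Object { $_ })
    if ($list.Count -eq 1) { return $list[0] }
    return $null
}

# Constructed sample values, standing in for the empid column of users.txt
$sample = '10023', '*', '', '10 24'

foreach ($empid in $sample) {
    $filter = Get-EmpIdFilter $empid
    if (-not $filter) {
        Write-Host "Skipped invalid empid '$empid'" -ForegroundColor Yellow
        continue
    }
    Write-Host "Would query: $filter"
    # With the Quest snap-in loaded, the lookup inside the script's loop becomes:
    #   $user = Select-SingleMatch (Get-QADUser -LdapFilter $filter)
    #   if ($user) { Add-QADGroupMember $grp $user }
    #   else       { Add-Content $log2 "$empid had no single match, not added" }
}
```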

2 comments:

  1. Dear Vikas, We are running AD on 2003 so just want to confirm if you have any vbs/bat script to save or email the ad health on daily basis.

  2. You can install PowerShell on the 2003 & use the below script. It should work fine.
    Let me know if you face any issues.
    http://msexchange.me/2014/12/25/active-directory-health-check/
