New group from OU members
A question that comes up fairly frequently is how to put all of the members of an OU into a group.
We combine http://msmvps.com/blogs/richardsiddaway/archive/2012/02/24/list-users-in-an-ou.aspx and http://msmvps.com/blogs/richardsiddaway/archive/2012/02/26/adding-a-user-to-a-group.aspx:
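# The Microsoft cmdlets and the AD: drive come from the ActiveDirectory module
Import-Module ActiveDirectory
$ou = "OU=BlogTests,DC=Manticore,DC=org"
"`nMicrosoft"
# Find the users directly in the OU (OneLevel) and add each one to the group
Get-ADUser -ResultSetSize 3000 -SearchBase $ou -Filter * -SearchScope OneLevel |
foreach {
    Add-ADGroupMember -Identity GroupUnvlSecA -Members $($_.DistinguishedName)
}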
"`nAD provider"
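$groupdn = "CN=GroupUnvlSecB,OU=TestGroups,DC=Manticore,DC=org"
$members = @()
# Collect the distinguished names of the user objects directly under the OU
Get-ChildItem -Path AD:\$ou |
where {$_.objectclass -eq "user"} |
foreach {
    $members += $_.DistinguishedName
}
# Writing the member attribute overwrites the group's existing membership
Set-ItemProperty -Path ad:\$groupdn -Name member -Value $members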
"`nQuest"
# Quest AD cmdlets: pipe the users found in the OU straight into the group
Get-QADUser -SizeLimit 3000 -SearchRoot $ou -SearchScope OneLevel |
Add-QADGroupMember -Identity GroupUnvlSecC
"`nScript"
$groupdn = "CN=GroupUnvlSecD,OU=TestGroups,DC=Manticore,DC=org"
# Bind to the group and to the OU through ADSI
$group = [adsi]"LDAP://$groupdn"
$root = [ADSI]"LDAP://$ou"
# Search for user objects directly under the OU
$search = [adsisearcher]$root
$search.Filter = "(&(objectclass=user)(objectcategory=user))"
$search.SizeLimit = 3000
$search.SearchScope = "OneLevel"
$results = $search.FindAll()
# Add each user found to the group by its LDAP path
foreach ($result in $results){
    $result.Properties |
    foreach {
        $group.Add("LDAP://$($_.distinguishedname)")
        $group.SetInfo()
    }
}
Discover all of the users in an OU using the techniques that we have seen before, and then loop through them, adding the users to the group.
The provider approach will replace any existing members of the group; the others will just append the new members. In the case of the script, an error will be thrown if the user is already a member.
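An added example, not code from the original post: one way to make the append repeatable with the Microsoft cmdlets, so that existing members are kept (unlike the provider approach) and users who are already members are skipped (the case that makes the script approach throw). The function names Get-MissingMember and Add-OUUserToGroup and the sample DNs are assumptions made for illustration.

```powershell
# Added example (not from the original post); function names are hypothetical.

# Pure helper: which candidate DNs are not yet in the member list?
# -notcontains compares strings case-insensitively, which suits DNs.
function Get-MissingMember {
    param([string[]]$Candidate, [string[]]$Current)
    @($Candidate | Where-Object { $_ -and ($Current -notcontains $_) } |
        Select-Object -Unique)
}

# Append only the missing OU users; existing members are left untouched.
function Add-OUUserToGroup {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$OU,
        [Parameter(Mandatory = $true)][string]$Group
    )
    Import-Module ActiveDirectory -ErrorAction Stop
    # Direct children of the OU only (OneLevel), as in the post
    $ouUsers = @(Get-ADUser -SearchBase $OU -Filter * -SearchScope OneLevel |
        ForEach-Object { $_.DistinguishedName })
    # Current direct members, read from the group's member attribute
    $current = @((Get-ADGroup -Identity $Group -Properties member).member)

    $toAdd = @(Get-MissingMember -Candidate $ouUsers -Current $current)
    if ($toAdd.Count -gt 0 -and
        $PSCmdlet.ShouldProcess($Group, "Add $($toAdd.Count) user(s) from $OU")) {
        Add-ADGroupMember -Identity $Group -Members $toAdd
    }
    $toAdd   # emit the DNs that were added (with -WhatIf: that would be added)
}

# Offline check of the delta logic; these DNs are constructed sample values
$ouSample  = "CN=User A,OU=BlogTests,DC=Manticore,DC=org",
             "CN=User B,OU=BlogTests,DC=Manticore,DC=org"
$grpSample = "cn=user a,ou=BlogTests,dc=Manticore,dc=org",
             "CN=Admin X,OU=Admins,DC=Manticore,DC=org"
Get-MissingMember -Candidate $ouSample -Current $grpSample

# Against a domain: preview with -WhatIf first, then run without it
# Add-OUUserToGroup -OU "OU=BlogTests,DC=Manticore,DC=org" -Group GroupUnvlSecA -WhatIf
```

Capturing the function's output gives a record of exactly which accounts each run added to the group.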