Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Question
Wednesday, January 16, 2013 8:30 PM
I am having an issue with the Active Directory module for Powershell. The issue is...I have a csv file that contains machine accounts in my active directory domain.
In the command below "a_wirelesspilot" is the name of the group I am trying to modify - and following that are the machine accounts I am trying to add.
If one of the machine accounts in the domain is already a member of the group, it fails and doesn't add any additional machine accounts that follow it.
PS C:\Windows\system32> Add-ADGroupMember a_wirelesspilot 5TN9DT1L$,BGBWCT1L$,8Q
4JDT1L$
PS C:\Windows\system32> Add-ADGroupMember a_wirelesspilot 9CLKDT1L$,7S5CGT1L$,23
BWCT1L$,D9R9GT1L$,D72QFT1L$,7FLMRS1L$,5TN9DT1L$,7KFXCT1L$,JQRTFT1L$,HHF7GT1L$
Add-ADGroupMember : The specified account name is already a member of the group
At line:1 char:18
+ Add-ADGroupMember <<<< a_wirelesspilot 9CLKDT1L$,7S5CGT1L$,23BWCT1L$,D9R9GT1
L$,D72QFT1L$,7FLMRS1L$,5TN9DT1L$,7KFXCT1L$,JQRTFT1L$,HHF7GT1L$
+ CategoryInfo : NotSpecified: (a_wirelesspilot:ADGroup) [Add-ADG
roupMember], ADException
+ FullyQualifiedErrorId : The specified account name is already a member o
f the group,Microsoft.ActiveDirectory.Management.Commands.AddADGroupMember
The problem is with the error handling. I have tried to add:
-ea silently continue
and...
-ea stop
to the command and neither works. (same error) Please advise.
-Thor Kakar
All replies (6)
Wednesday, January 16, 2013 10:07 PM âś…Answered | 2 votes
OK, so this is what I did. Also, this assumes that your csv file has the first line called sAMAccountName for the heading, and each entry is the users sAMAccountName
# Import the Active Directory module
Import-Module ActiveDirectory
# Name of group to work with
$group = "SomeGroup"
# Get all members of a specifed group and add them thier
# sAMAccountName to an array
$members = @()
Get-ADGroupMember -Identity $group | Select-Object -ExpandProperty sAMAccountName | ForEach-Object{ $members += $_ }
# Now that we have all members of the group, lets get all
# the users from the csv file
$users = Import-Csv "C:\somefile.csv"
# Loop through the collection of users, and make sure they
# do not exist before trying to add them
ForEach($user in $users) {
If ($members -notcontains $user.sAMAccountName) {
Add-ADGroupMember $group $user.sAMAccountName
# Also add the new member to the $members array
$members += $user.sAMAccountName
}
}
If you find that my post has answered your question, please mark it as the answer. If you find my post to be helpful in anyway, please click vote as helpful.
Wednesday, January 16, 2013 8:45 PM
You will need to first check to see if the object you are trying to add to the group already exists, if it doesn't add it, else do nothing
Take a look at the Get-ADGroupMember cmdlet
If you find that my post has answered your question, please mark it as the answer. If you find my post to be helpful in anyway, please click vote as helpful.
Wednesday, January 16, 2013 8:53 PM
You will need to first check to see if the object you are trying to add to the group already exists, if it doesn't add it, else do nothing
Take a look at the Get-ADGroupMember cmdlet
If you find that my post has answered your question, please mark it as the answer. If you find my post to be helpful in anyway, please click vote as helpful.
I looked at the cmdlet - I don't see anything specific to error handling that will work...example please?
Wednesday, January 16, 2013 9:19 PM
More or less, what you will need to do is create a function that checks to see if the current user is a member of the group if so, it returns true, otherwsie return false. Then you can use conditional statements based upon the value returned from the function, to add the user to the group is the returned value is false.
I actually have some functions which do this, but they are at home, not sure if it is the best way, but it works. I am leaving work in a little bit, once I get home, I can try and find them and then post them for you.
If you find that my post has answered your question, please mark it as the answer. If you find my post to be helpful in anyway, please click vote as helpful.
Wednesday, October 30, 2013 8:42 AM | 1 vote
You probably can use the -ErrorAction parameter to have the cmdlet ignore errors. I personally use code similar to below to add users identified by sAMAccountName to a specified group. Once you bind to the group object, you can use the IsMember and Add methods exposed by the IADsGroup interface.
# Specify the group.
$Group = [ADSI]"LDAP://cn=Test Group,ou=West,dc=MyDomain,dc=com"# Use DirectorySearcher.
$Domain = New-Object System.DirectoryServices.DirectoryEntry
$Searcher = New-Object System.DirectoryServices.DirectorySearcher
$Searcher.SearchRoot = $Domain
$Searcher.PageSize = 200
$Searcher.SearchScope = "subtree"$Searcher.PropertiesToLoad.Add("distinguishedName") > $Null
# Read user pre-Windows 2000 Names from file.
$Users = Import-CSV c:\Scripts\Users.csvForeach ($User in $Users)
{
$Name = $User.Name
$Searcher.Filter = "(sAMAccountName=$Name)"
$Results = $Searcher.FindAll()
ForEach ($Result In $Results)
{
$DN = $Result.Properties.Item("distinguishedName")
# Check if user a member of the group.
If ($Group.IsMember("LDAP://$DN") -eq $False)
{
# Add the user to the group.
$Group.Add("LDAP://$DN")
}
}
}Richard Mueller - MVP Directory Services
You can just run the following command before import-csv;
PS C:\ $ErrorActionPreference = "SilentlyContinue"
PS C:\ import-csv test.Csv ...
Monday, May 11, 2015 7:22 PM
OK, so this is what I did. Also, this assumes that your csv file has the first line called sAMAccountName for the heading, and each entry is the users sAMAccountName
# Import the Active Directory module Import-Module ActiveDirectory # Name of group to work with $group = "SomeGroup" # Get all members of a specifed group and add them thier # sAMAccountName to an array $members = @() Get-ADGroupMember -Identity $group | Select-Object -ExpandProperty sAMAccountName | ForEach-Object{ $members += $_ } # Now that we have all members of the group, lets get all # the users from the csv file $users = Import-Csv "C:\somefile.csv" # Loop through the collection of users, and make sure they # do not exist before trying to add them ForEach($user in $users) { If ($members -notcontains $user.sAMAccountName) { Add-ADGroupMember $group $user.sAMAccountName # Also add the new member to the $members array $members += $user.sAMAccountName } }If you find that my post has answered your question, please mark it as the answer. If you find my post to be helpful in anyway, please click vote as helpful.
Thank you. This worked perfectly!