
Adding all users to an AD group, excluding a few, using PowerShell


I have this doubt:

I have to add every user in Active Directory to a group, but there are a few who don't have to be in this group.

I already know the information of this set of discriminated users.

So, is there a way to write a PowerShell command where I specify this set of users, and every user that doesn't match this set is added to the group?

I'm making a CSV file with all the users by SamAccountName:

    Get-AdUser -Filter * | Select SamAccountName | Export-CSV c:\List.csv

so I can add a second column with the name of the group. After that I was thinking of adding a where clause in PowerShell to compare the SamAccountName with another CSV containing the set of discriminated users, but I don't know if that would work...

Is there a simple way to do it?


Solution

  • I'd create a flat array with the exclusions, then use it in the Where clause.

    Something like:

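    # Accounts that must not be added to the group
    $ExcludedUsers =
    @(
        "user1"
        "user2"
        #...
    )

    # Every user whose samAccountName is not in the exclusion list
    $GroupMembers = Get-ADUser -Filter * | Where-Object { $ExcludedUsers -notcontains $_.samAccountName }
    # Replace <GroupName> with the target group; quoted so the placeholder parses
    Add-ADGroupMember -Identity "<GroupName>" -Members $GroupMembers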
    

    If you are extracting the exclusions from a csv file you can use something like:

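    # The CSV needs a header column named samAccountName
    $ExcludedUsers = ( Import-Csv C:\ExcludedUsers.csv ).samAccountName
    $GroupMembers  = Get-ADUser -Filter * | Where-Object { $ExcludedUsers -notcontains $_.samAccountName }
    # Replace <GroupName> with the target group; quoted so the placeholder parses
    Add-ADGroupMember -Identity "<GroupName>" -Members $GroupMembers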
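
A more defensive variant of the CSV approach above, as an added example that is not part of the original answer. It trims the exclusion entries, stops if an entry matches no account (a typo or stray space would otherwise exclude nobody and the intended user would be added), skips disabled accounts and existing members, and previews the change with -WhatIf. The group name, the file path and the choice to skip disabled accounts are assumptions.

```powershell
# Added example: the group name and CSV path are placeholders (assumptions).
Import-Module ActiveDirectory

$GroupName     = 'GroupName'              # placeholder target group
$ExclusionFile = 'C:\ExcludedUsers.csv'   # CSV with a samAccountName column

# Normalise the exclusion list: trim whitespace, drop blank rows, de-duplicate.
$ExcludedUsers = @(Import-Csv $ExclusionFile |
    ForEach-Object { "$($_.samAccountName)".Trim() } |
    Where-Object { $_ } |
    Sort-Object -Unique)

# One directory query; Enabled and SamAccountName are default properties.
$AllUsers = @(Get-ADUser -Filter *)

# An exclusion entry that matches no account excludes nobody, so fail loudly
# instead of silently adding the person the entry was meant to cover.
$KnownNames = $AllUsers.SamAccountName
$Unknown    = @($ExcludedUsers | Where-Object { $KnownNames -notcontains $_ })
if ($Unknown.Count -gt 0) {
    throw "Exclusion entries matching no AD user: $($Unknown -join ', ')"
}

# Candidates: enabled accounts that are not on the exclusion list.
# (Skipping disabled accounts is an assumption of this example.)
$Candidates = @($AllUsers | Where-Object {
    $_.Enabled -and ($ExcludedUsers -notcontains $_.SamAccountName)
})

# Skip accounts that are already direct members so the script can be re-run.
$Existing = @((Get-ADGroup -Identity $GroupName -Properties Member).Member)
$ToAdd    = @($Candidates | Where-Object { $Existing -notcontains $_.DistinguishedName })

# Excluded accounts that are already members need manual review.
$Conflict = @($AllUsers | Where-Object {
    ($ExcludedUsers -contains $_.SamAccountName) -and
    ($Existing -contains $_.DistinguishedName)
})
if ($Conflict.Count -gt 0) {
    Write-Warning "Excluded but already in group: $($Conflict.SamAccountName -join ', ')"
}

if ($ToAdd.Count -gt 0) {
    # -WhatIf only previews the change; remove it once the list looks right.
    Add-ADGroupMember -Identity $GroupName -Members $ToAdd -WhatIf
}
Write-Output "Would add $($ToAdd.Count) of $($AllUsers.Count) users to $GroupName"
```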