powershellautomationexport-to-csv
Output to CSV required when bulk AD users added to AD groups
I have a script which will add multiple AD users to multiple AD groups.
# Import the data from CSV file and assign it to variable
$List = Import-Csv "C:\Temp\BulkAddGroups.csv"
foreach ($User in $List) {
# Retrieve UserSamAccountName and ADGroup
$UserSam = $User.SamAccountName
$Groups = $User.Group
# Retrieve SamAccountName and ADGroup
$ADUser = Get-ADUser -Filter "SamAccountName -eq '$UserSam'" | Select-Object SamAccountName
$ADGroups = Get-ADGroup -Filter * | Select-Object DistinguishedName, SamAccountName
# User does not exist in AD
if ($ADUser -eq $null) {
Write-Host "$UserSam does not exist in AD" -ForegroundColor Red
Continue
}
# User does not have a group specified in CSV file
if ($Groups -eq $null) {
Write-Host "$UserSam has no group specified in CSV file" -ForegroundColor Yellow
Continue
}
# Retrieve AD user group membership
$ExistingGroups = Get-ADPrincipalGroupMembership $UserSam | Select-Object DistinguishedName, SamAccountName
foreach ($Group in $Groups.Split(';')) {
# Group does not exist in AD
if ($ADGroups.SamAccountName -notcontains $Group) {
Write-Host "$Group group does not exist in AD" -ForegroundColor Red
Continue
}
# User already member of group
if ($ExistingGroups.SamAccountName -eq $Group) {
Write-Host "$UserSam already exists in group $Group" -ForeGroundColor Yellow
}
else {
# Add user to group
Add-ADGroupMember -Identity $Group -Members $UserSam
Write-Host "Added $UserSam to $Group" -ForeGroundColor Green
}
}
}
The below is the format of the CSV file I use:
I require assistance in outputting the actions (whether it is successful or not in adding users to AD groups) into single CSV file.
UPDATE 1
@Theo ran your code and got these errors:
Get-ADPrincipalGroupMembership : An unspecified error has occurred
At C:\Users\User\Desktop\BulkAddADGroups.ps1:56 char:31
+ $ExistingGroups = Get-ADPrincipalGroupMembership $UserSam
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (User1:ADPrincipal) [Get-ADPrincipalGroupMembership], ADException
+ FullyQualifiedErrorId : ActiveDirectoryServer:0,Microsoft.ActiveDirectory.Management.Commands.GetADPrincipalGroupMembership
Added User1 to Group1
group does not exist in AD
Get-ADPrincipalGroupMembership : An unspecified error has occurred
At C:\Users\User\Desktop\BulkAddADGroups.ps1:56 char:31
+ $ExistingGroups = Get-ADPrincipalGroupMembership $UserSam
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (User2:ADPrincipal) [Get-ADPrincipalGroupMembership], ADException
+ FullyQualifiedErrorId : ActiveDirectoryServer:0,Microsoft.ActiveDirectory.Management.Commands.GetADPrincipalGroupMembership
Added User2 to Group1
group does not exist in AD
Get-ADPrincipalGroupMembership : An unspecified error has occurred
At C:\Users\User\Desktop\BulkAddADGroups.ps1:56 char:31
+ $ExistingGroups = Get-ADPrincipalGroupMembership $UserSam
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (User3:ADPrincipal) [Get-ADPrincipalGroupMembership], ADException
+ FullyQualifiedErrorId : ActiveDirectoryServer:0,Microsoft.ActiveDirectory.Management.Commands.GetADPrincipalGroupMembership
Added User3 to Group1
group does not exist in AD
Get-ADPrincipalGroupMembership : An unspecified error has occurred
At C:\Users\User\Desktop\BulkAddADGroups.ps1:56 char:31
+ $ExistingGroups = Get-ADPrincipalGroupMembership $UserSam
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (User4:ADPrincipal) [Get-ADPrincipalGroupMembership], ADException
+ FullyQualifiedErrorId : ActiveDirectoryServer:0,Microsoft.ActiveDirectory.Management.Commands.GetADPrincipalGroupMembership
Added User4 to Group1
Get-ADPrincipalGroupMembership : An unspecified error has occurred
At C:\Users\User\Desktop\BulkAddADGroups.ps1:56 char:31
+ $ExistingGroups = Get-ADPrincipalGroupMembership $UserSam
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (User4:ADPrincipal) [Get-ADPrincipalGroupMembership], ADException
+ FullyQualifiedErrorId : ActiveDirectoryServer:0,Microsoft.ActiveDirectory.Management.Commands.GetADPrincipalGroupMembership
Added User4 to Group2
group does not exist in AD
My CSV file format was like this (I used semi colon as delimiter as you suggested):
My output file was like this:
I don't know if I put the ; in the CSVs that has caused the issue.
BUT weirdly the users were added to the AD groups.
UPDATE 2
Theo I added the code you gave me.
MY CSV format:
Ran the code again got the same error messages:
PS C:\Windows\system32> C:\Users\User\Desktop\BulkAddADGroups.ps1
Get-ADPrincipalGroupMembership : An unspecified error has occurred
At C:\Users\User\Desktop\BulkAddADGroups.ps1:56 char:31
+ $ExistingGroups = Get-ADPrincipalGroupMembership $UserSam
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (User1:ADPrincipal) [Get-ADPrincipalGroupMembership], ADException
+ FullyQualifiedErrorId : ActiveDirectoryServer:0,Microsoft.ActiveDirectory.Management.Commands.GetADPrincipalGroupMembership
Added User1 to Group1
Get-ADPrincipalGroupMembership : An unspecified error has occurred
At C:\Users\User\Desktop\BulkAddADGroups.ps1:56 char:31
+ $ExistingGroups = Get-ADPrincipalGroupMembership $UserSam
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (User2:ADPrincipal) [Get-ADPrincipalGroupMembership], ADException
+ FullyQualifiedErrorId : ActiveDirectoryServer:0,Microsoft.ActiveDirectory.Management.Commands.GetADPrincipalGroupMembership
Added User2 to Group1
Get-ADPrincipalGroupMembership : An unspecified error has occurred
At C:\Users\User\Desktop\BulkAddADGroups.ps1:56 char:31
+ $ExistingGroups = Get-ADPrincipalGroupMembership $UserSam
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (User3:ADPrincipal) [Get-ADPrincipalGroupMembership], ADException
+ FullyQualifiedErrorId : ActiveDirectoryServer:0,Microsoft.ActiveDirectory.Management.Commands.GetADPrincipalGroupMembership
Added User3 to Group1
Get-ADPrincipalGroupMembership : An unspecified error has occurred
At C:\Users\User\Desktop\BulkAddADGroups.ps1:56 char:31
+ $ExistingGroups = Get-ADPrincipalGroupMembership $UserSam
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (User4:ADPrincipal) [Get-ADPrincipalGroupMembership], ADException
+ FullyQualifiedErrorId : ActiveDirectoryServer:0,Microsoft.ActiveDirectory.Management.Commands.GetADPrincipalGroupMembership
Added User4 to Group1
Get-ADPrincipalGroupMembership : An unspecified error has occurred
At C:\Users\User\Desktop\BulkAddADGroups.ps1:56 char:31
+ $ExistingGroups = Get-ADPrincipalGroupMembership $UserSam
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (User4:ADPrincipal) [Get-ADPrincipalGroupMembership], ADException
+ FullyQualifiedErrorId : ActiveDirectoryServer:0,Microsoft.ActiveDirectory.Management.Commands.GetADPrincipalGroupMembership
Added User4 to Group2
But this time you output file was semi correct:
For some reason the output file didn't pick up the name of the 'Group 2' for 'User 4' but it gets even more weirder the user was actually added to the groups.
What it be worth just having a single group name in column 'Group' rather than having multiple groups in column 'Group'?
Like this instead:
UPDATE 3
It is soo close!!!
I runs perfect in PS that out put is:
Added User1 to Group1
Added User2 to Group1
Added User3 to Group1
Added User4 to Group1
Added User4 to Group2
It makes the changes in AD also!
But it the CSV output is shows as this:
Seems like it is not outputting Group2 for User 4, I happy to keep it this and just use the output of the PS prompt but if you could just get this tweaked I would appreciate it.
Solution
Looking at your input csv, it seems logical to first group the imported data by SamAccountName and then create new objects where all groups for each user are combined in the 'Group' column with a semi-colon as delimiter.
That way, you will also have the chance to eliminate any duplicates in the list.
# Import the data from CSV file, group on column SamAccountName and
# output new objects where each item is a single user and all groups for that user
# are separated by a semi-colon in column 'Group'
$List = Import-Csv "C:\Temp\BulkAddGroups.csv" | Group-Object SamAccountName |
Select-Object @{Name = 'SamAccountName'; Expression = {$_.Name}},
@{Name = 'Group'; Expression = {$_.Group.Group.Split(";").Trim() |
Where-Object {$_ -match '\S'} |
Sort-Object -Unique}}
# get a list of all AD groups
$ADGroups = Get-ADGroup -Filter *
# capture the (object) output from the loop
$result = foreach ($User in $List) {
# store the users SamAccountName in a variable for convenience
$UserSam = $User.SamAccountName
# User does not have a group specified in CSV file
if ([string]::IsNullOrWhiteSpace($Groups)) {
Write-Host "$UserSam has no group specified in CSV file" -ForegroundColor Yellow
# output an error object
[PsCustomObject]@{Name = $UserSam; Group = $null; Result = 'Error: User has no group specified in CSV file'}
Continue # skip this user an proceed with the next
}
# Test if the user exists
$ADUser = Get-ADUser -Filter "SamAccountName -eq '$UserSam'" -Properties MemberOf
# User does not exist in AD
if (!$ADUser) {
Write-Host "$UserSam does not exist in AD" -ForegroundColor Red
# output an error object
[PsCustomObject]@{Name = $UserSam; Group = $null; Result = 'Error: User does not exist in AD'}
Continue # skip this user an proceed with the next
}
foreach ($Group in @($User.Group)) {
# create an object to output
$out = [PsCustomObject]@{
Name = $UserSam
Group = $Group
Result = $null # we'll fill this in later
}
# Group does not exist in AD
if (@($ADGroups).Name -notcontains $Group) {
Write-Host "$Group group does not exist in AD" -ForegroundColor Red
# fill the Result property and output the error object
$out.Result = 'Error: Group does not exist in AD'
}
else {
# Retrieve AD user group membership
$ExistingGroups = $ADUser.MemberOf | Get-ADGroup | Select-Object Name
# Get-ADPrincipalGroupMembership is buggy, see
# https://stackoverflow.com/q/59057379/9898643
# $ExistingGroups = Get-ADPrincipalGroupMembership $UserSam
# User is already member of group
if (@($ExistingGroups).Name -contains $Group) {
Write-Host "$UserSam already exists in group $Group" -ForeGroundColor Yellow
# fill the Result property and output the object
$out.Result = 'Skipped: User is already member'
}
else {
# Add user to group
Add-ADGroupMember -Identity $Group -Members $UserSam
Write-Host "Added $UserSam to $Group" -ForeGroundColor Green
# fill the Result property and output the object
$out.Result = 'Success: User added to group'
}
}
# output the object
$out
}
}
# now you can save the results in a csv file
$result | Export-Csv -Path 'X:\Somewhere\Results.csv' -NoTypeInformation -UseCulture
Output of $result on screen:
Name Group Result
---- ----- ------
User1 Group1 Success: User added to group
User2 Group1 Success: User added to group
User3 Group1 Success: User added to group
User4 Group1 Success: User added to group
User4 Group2 Success: User added to group
- Windows Semicolons in Path
- PSCustomObject returns with extra return(s)
- Remove blank lines in powershell output... Generally
- Powershell if String.StartsWith() multiple strings
- Powershell Workflow to reboot computers
- Export stored procedure results as CSV (UTF 8 BOM format) to external server from SQL Server 2012
- Wildcard with variable in Get-ADUser
- How do I get a certificate (public and private key) into a windows container in AKS?
- How to use PGPASS file in Powershell to avoid password prompt?
- How to execute a powershell script via Task Scheduler?
- Maven works in cmd but not powershell
- <C-space> doesn't work in neovim in PowerShell in Windows terminal
- Launching Docker with GPU Usage and JupyterNotebook
- PowerShell - Get Properties of MSI
- Powershell - Exporting MemberOf to csv file from active directory
- Can't call a Powershell script through the registry properly. A positional parameter cannot be found that accepts argument '$null'
- Script to Check Services on Remote Servers Not Working
- WinSCP Disable ResumeSupport in PowerShell
- How to identify if a PDF file is a PDF/A?
- ConvertFrom-Json : Cannot convert the JSON string because a dictionary that was converted from the string contains the duplicated keys
- How to pull the model name of a Lenovo ThinkCenter M75q Gen 2
- How to do a topological sort in PowerShell
- How can I improve this implementation of a foreach-parallel function in PowerShell v5?
- Error: "The operation was rejected by your operating system" when trying to create new angular project using windows powershell
- powerShell Set-acl strange error : there is not enough space on the disk
- How to append XML elements with Attributes using Powershell
- Automation Account Importing PowerShell Module Issue
- Powershell array objects type being changed to string after using .Replace(), unable to compare to another array, which also claims to contain strings
- Trying to get Codesys to run a batch file from the HMI
- Is it possible to save the output from a write command in a file? (API and Powershell)