Add users to group with PowerShell

How to bulk add users to AD security group from CSV file with PowerShell? You can select multiple users in AD and add them to the group, but what if you have users all over the place in different OUs? This is an excellent way to automate the task with PowerShell. In this article, you will learn how to bulk add users to a group with PowerShell script.

Table of contents

Information

You need to add a list of users in CSV file to a security group. The list is populated with the UserPrincipalName attribute.

There are two options to accomplish the task:

  • Manually search for the users in Active Directory Users and Computers, and add them to the security group. If you have a long list, this is time-consuming. Not only that, it’s possible that you miss a user from the list.
  • Automate the search with PowerShell, and add the users to the security group. It will take less time, and you will not miss any users.

PowerShell is great for automation, and that’s what we recommend using.

Note: Do you want to add users to multiple groups? Read Add users to multiple groups with PowerShell.

Check security group

Create a security group if you don’t have one. In this example, we have the security group Pilot. The members section has one member only.

Add users to group with PowerShell before

Click on the General tab. Ensure that you copy the Group name (pre-Windows 2000).

Add users to group with PowerShell group name

Read more: List all users in a Security Group through PowerShell »

Check CSV file with Import-Csv cmdlet

Check the CSV file and that you use the correct header. In our case, it’s the CSV file Users.csv and the header UserPrincipalName.

Add users to group with PowerShell CSV file UPN

Important: Check that there are no empty spaces behind each line. If so, you will get errors, and the script will fail to remove the users.

An excellent way is to add quotation marks to surround the field.

Add users to group with PowerShell CSV file UPN quotation marks

Place the CSV file in C:\Temp folder. Create a temp folder if you don’t have one.

Add users to group with PowerShell CSV file

Run Windows PowerShell as administrator. Make sure that PowerShell can read the file, run Import-Csv cmdlet.

PS C:\> Import-Csv "C:\Temp\Users.csv"

UserPrincipalName
-----------------
Amanda.Morgan@exoip.com
Max.Fraser@exoip.com
Piers.Bower@exoip.com
Kylie.Davidson@exoip.com
Richard.Grant@exoip.com
Boris.Campbell@exoip.com
Nicholas.Murray@exoip.com
Leonard.Clark@exoip.com
Ruth.Dickens@exoip.com
Jonathan.Fisher@exoip.com
Grace.Rees@exoip.com
Patrick.Mors@exoip.com
John.Maverick@exoip.com
Ali.Tajran@exoip.com
Alysia.Maverick@exoip.com
Mohammad.Fistak@exoip.com

Keep reading: Import CSV delimiter PowerShell »

Add users to group PowerShell script

Download Add-ADUsers.ps1 PowerShell script or copy and paste the below code in Notepad. Give it the name Add-ADUsers.ps1 and place it in the C:\scripts folder. Create a scripts folder if you don’t have one.

# Start transcript
Start-Transcript -Path C:\Temp\Add-ADUsers.log -Append

# Import AD Module
Import-Module ActiveDirectory

# Import the data from CSV file and assign it to variable
$Users = Import-Csv "C:\Temp\Users.csv"

# Specify target group name (pre-Windows 2000) where the users will be added to
# You can add the distinguishedName of the group. For example: CN=Pilot,OU=Groups,OU=Company,DC=exoip,DC=local
$Group = "Pilot"

foreach ($User in $Users) {
    # Retrieve UPN
    $UPN = $User.UserPrincipalName

    # Retrieve UPN related SamAccountName
    $ADUser = Get-ADUser -Filter "UserPrincipalName -eq '$UPN'" | Select-Object SamAccountName

    # User from CSV not in AD
    if ($ADUser -eq $null) {
        Write-Host "$UPN does not exist in AD" -ForegroundColor Red
    }
    else {
        # Retrieve AD user group membership
        $ExistingGroups = Get-ADPrincipalGroupMembership $ADUser.SamAccountName | Select-Object Name

        # User already member of group
        if ($ExistingGroups.Name -eq $Group) {
            Write-Host "$UPN already exists in $Group" -ForeGroundColor Yellow
        }
        else {
            # Add user to group
            Add-ADGroupMember -Identity $Group -Members $ADUser.SamAccountName -WhatIf
            Write-Host "Added $UPN to $Group" -ForeGroundColor Green
        }
    }
}
Stop-Transcript
  • Line 8: Edit the CSV file name and the path.
  • Line 12: Edit the target group.

In the next step, we will look at the bulk add AD Users PowerShell script.

Bulk add users to group from CSV file

Run Windows PowerShell as administrator. Change the path to the scripts folder and run Add-ADUsers.ps1 PowerShell script to bulk add AD users to group.

The script will go through all the users in the CSV file. The -WhatIf parameter is added in the script on line 35. If you run the script, nothing will happen in the environment. Instead, you will get an output showing what will happen.

The Add-ADUsers.ps1 script will show:

  • If the user is added to the group
  • If the user already exists in the group
  • If the user in the CSV file does not exist in Active Directory
PS C:\> cd c:\scripts
PS C:\scripts> .\Add-ADUsers.ps1
Transcript started, output file is C:\Temp\Add-ADUsers.log
What if: Performing the operation "Set" on target "CN=Pilot,OU=Groups,OU=Company,DC=exoip,DC=local".
Added Amanda.Morgan@exoip.com to Pilot
What if: Performing the operation "Set" on target "CN=Pilot,OU=Groups,OU=Company,DC=exoip,DC=local".
Added Max.Fraser@exoip.com to Pilot
What if: Performing the operation "Set" on target "CN=Pilot,OU=Groups,OU=Company,DC=exoip,DC=local".
Added Piers.Bower@exoip.com to Pilot
What if: Performing the operation "Set" on target "CN=Pilot,OU=Groups,OU=Company,DC=exoip,DC=local".
Added Kylie.Davidson@exoip.com to Pilot
What if: Performing the operation "Set" on target "CN=Pilot,OU=Groups,OU=Company,DC=exoip,DC=local".
Added Richard.Grant@exoip.com to Pilot
What if: Performing the operation "Set" on target "CN=Pilot,OU=Groups,OU=Company,DC=exoip,DC=local".
Added Boris.Campbell@exoip.com to Pilot
Nicholas.Murray@exoip.com does not exist in AD
What if: Performing the operation "Set" on target "CN=Pilot,OU=Groups,OU=Company,DC=exoip,DC=local".
Added Leonard.Clark@exoip.com to Pilot
What if: Performing the operation "Set" on target "CN=Pilot,OU=Groups,OU=Company,DC=exoip,DC=local".
Added Ruth.Dickens@exoip.com to Pilot
What if: Performing the operation "Set" on target "CN=Pilot,OU=Groups,OU=Company,DC=exoip,DC=local".
Added Jonathan.Fisher@exoip.com to Pilot
What if: Performing the operation "Set" on target "CN=Pilot,OU=Groups,OU=Company,DC=exoip,DC=local".
Added Grace.Rees@exoip.com to Pilot
What if: Performing the operation "Set" on target "CN=Pilot,OU=Groups,OU=Company,DC=exoip,DC=local".
Added Patrick.Mors@exoip.com to Pilot
What if: Performing the operation "Set" on target "CN=Pilot,OU=Groups,OU=Company,DC=exoip,DC=local".
Added John.Maverick@exoip.com to Pilot
Ali.Tajran@exoip.com already exists in Pilot
What if: Performing the operation "Set" on target "CN=Pilot,OU=Groups,OU=Company,DC=exoip,DC=local".
Added Alysia.Maverick@exoip.com to Pilot
What if: Performing the operation "Set" on target "CN=Pilot,OU=Groups,OU=Company,DC=exoip,DC=local".
Added Mohammad.Fistak@exoip.com to Pilot
Transcript stopped, output file is C:\Temp\Add-ADUsers.log

Remove the -WhatIf parameter from the PowerShell script and rerun the script. The users from the CSV are added to the group.

PS C:\scripts> .\Add-ADUsers.ps1
Transcript started, output file is C:\Temp\Add-ADUsers.log
Added Amanda.Morgan@exoip.com to Pilot
Added Max.Fraser@exoip.com to Pilot
Added Piers.Bower@exoip.com to Pilot
Added Kylie.Davidson@exoip.com to Pilot
Added Richard.Grant@exoip.com to Pilot
Added Boris.Campbell@exoip.com to Pilot
Nicholas.Murray@exoip.com does not exist in AD
Added Leonard.Clark@exoip.com to Pilot
Added Ruth.Dickens@exoip.com to Pilot
Added Jonathan.Fisher@exoip.com to Pilot
Added Grace.Rees@exoip.com to Pilot
Added Patrick.Mors@exoip.com to Pilot
Added John.Maverick@exoip.com to Pilot
Ali.Tajran@exoip.com already exists in Pilot
Added Alysia.Maverick@exoip.com to Pilot
Added Mohammad.Fistak@exoip.com to Pilot
Transcript stopped, output file is C:\Temp\Add-ADUsers.log

Verify security group with added users

When the script finishes, have a look at Active Directory Users and Computers. Go to the security group and validate that you see the users from the CSV file in the members tab. In this case, the Pilot group.

Add users to group with PowerShell after

The output will show in the Windows PowerShell console. Not only that, it will show the output in a log because a transcript is added to the PS script. Go to the C:\temp folder and open the Add-ADUsers.log file.

Windows PowerShell transcript

Everything looks great! Did this help you to bulk add users to security group from CSV file with PowerShell?

Keep on reading: Manage Microsoft Office with Group Policy »

Conclusion

You learned how to add users to group from CSV with PowerShell. Download the Add-ADUsers.ps1 PowerShell script, edit the CSV path and the target group. Run the script and verify that the AD users are added successfully to the group. PowerShell is great for automating the process.

Did you enjoy this article? You may also like Bulk create Office 365 mailboxes in Exchange Hybrid. Don’t forget to follow us and share this article.

ALI TAJRAN

ALI TAJRAN

ALI TAJRAN is a passionate IT Architect, IT Consultant, and Microsoft Certified Trainer. He started Information Technology at a very young age, and his goal is to teach and inspire others. Read more »

X TwitterLinkedIn

What Others Are Reading

This Post Has 33 Comments

  2. Hi Ali,

    I hope you can help me, do you have also a same script that uses Azure AD environment i know there are different cmdlet that needs to be used. Thanks by the way.

    Reply

  3. Hi,
    I removed WhatIf but still same issue :

    Add-ADGroupMember : Cannot convert ‘System.String[]’ to the type ‘Microsoft.ActiveDirectory.Management.ADGroup’ required by parameter ‘Identity’. Specified method is not supported.
    At C:\scripts\Add-ADUsers.ps1:36 char:41
    + Add-ADGroupMember -Identity $Group -Members $ADUser.SamAc …

    Reply

  5. Excellent. The process worked. I was able to skip the step titled “An excellent way is to add quotation marks to surround the field.”. I never needed to use Notepad. only used Users.csv

    Reply

  6. When running for multiple CSV’s/Groups it’s worth adding “Remove-Variable -Name Users” at the end, this will clear the variable, as without it, the next time the script is ran from the same session and a new CSV can’t be found, it will use the previous scripts “users”.

    Reply

  8. I want to add more Groups

    $Group = “Dell”
    $Group = “G-VPN”
    $Group = “Group-Operations”
    $Group = “MF”
    $Group = “Group-Public”
    it takes only last “Group-Public”

    Reply

  9. Hi Ali
    after run the script , i can get GREEN message on cmd line , i can get same message on the log file
    the content is about “Added min_wu@mccormick.com.cn to _apz.prn.cn_gua_027″
    but on that AD group “XXXX_027” do not display min_wu .
    i have tried remove the line 35 (whatif)>run script >get GREEN message >but the AD group “xxx027” still do not display min_wu.
    any advice ?
    thank you in advance .
    have a nice day .

    Reply

  10. Hi Ali,

    I’m getting an error where the AD user isn’t found. It’s my test account and it definitely exists. Do you know why this may be? I copied the script directly and only edited lines 8 and 12.

    Reply

    1. Hi Shane,

      The script will look for the “UserPrincipalName” in the Users.csv file.

      You can get the output “User does not exist in AD” when you don’t fill in the UserPrincipalName in the CSV file.

      For example: “Amanda Morgan” will not work, and you need to use “Amanda.Morgan@exoip.com”.

      If you have “Display Names” in the CSV file, you can change the text UserPrincipalName to DisplayName on line 19. That will identify the users with display names against Active Directory.

      Reply

  11. Hi Ali,
    thank you very much for this tutorial. I’m trying to put this script into work, but I keep getting this

    Get-ADUser : The search filter cannot be recognized
    At line:1 char:12
    + $ADUser = Get-ADUser -Filter “UserPrincipalName -eq ‘$UPN'” | Select …
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : NotSpecified: (:) [Get-ADUser], ADException
    + FullyQualifiedErrorId : ActiveDirectoryServer:8254,Microsoft.ActiveDirectory.Management.Commands.GetADUser

    Reply

    1. This error shows up when you don’t have a header in the CSV file with “UserPrincipalName”. Also, I can see that you edited the script, and when you do that, you can get errors.

      Reply

  12. The script does not add the users to the specified groups for me. Although its reports successful.
    The progress and transcript work perfectly.

    Reply

    1. I can see that the -WhatIf parameter is present in the PowerShell script. The -WhatIf parameter shows you what will happen and will not apply the changes.

      Remove the -WhatIf parameter in the PowerShell script, and run it again.

      Reply

  13. Hi Ali,

    Thanks for all of your great articles on your site. For this script, how can it be adjusted to include users from a multiple-domain environment? Under our main domain, we’ve got 17 sub-domains and users from those sub-domains need to be added to an AD security group in the main domain.

    Thanks!

    Reply

  18. Hi Ali,

    Thank you for the great script. I add my voice to Cameron, I’ve used your script to add estimated 5k users to a security group, even though the logs show as it is successful, when i check the security group, it is empty.

    Reply

  20. Hi Ali, I have used a few of your scripts and they have been great time savers, thank you! On this script, however, it seems like I am getting a positive result but when I actually check the security group, the users have not been added. Even the log says they have. The first time this happened, I realized I failed to remove the “-what-if” parameter. Once I did this, it seems to reflect success, but still didn’t show in the users account nor the group properties. Any thoughts?

    Reply

    1. Hi Cameron,

      Great to hear that my scripts help you to save time.

      It’s difficult to tell why this happens. It’s working fine on my end, and I used it in different environments.

      If you ever get to know what was causing it, do let me know.

      Reply

  21. AoA Ali,

    Can you please share article in which we can add users to multiple groups and that users will be added in specific AD as we have multiple ADC and not want to wait for AD replication.

    Thanks

    Reply

  22. Great info! Thanks so much, was struggling to get the users via userprincipalname and this helped a lot.

    Thanks!

    Reply

  23. Hi Ali,
    interesting approach. Why not use the csv-file path and group name as parameters for the script and hence make it more flexible?

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *