Add users to multiple groups with PowerShell

How to bulk add users to multiple AD groups from CSV file with PowerShell? You can select multiple users in AD and add them to the multiple groups, but what if you have users all over the place in different OUs? This is an excellent way to automate the task with PowerShell. In this article, you will learn how to add multiple users to multiple groups with PowerShell script.

Table of contents

Information

You need to add a list of users in CSV file to multiple security groups. The list is populated with the SamAccountName attribute.

There are two options to accomplish the task:

  • Manually search for the users in Active Directory Users and Computers, and add them to the security groups. If you have a long list, this is time-consuming. Not only that, it’s possible that you miss a user from the list.
  • Automate the search with PowerShell, and add the users to the security groups. It will take less time, and you will not miss any users.

PowerShell is great for automation, and that’s what we recommend using.

Note: Do you want to add users to a single group? Read Add users to group with PowerShell.

Check security groups

Create security groups if you don’t have them in Active Directory. In this example, we have the security groups Finance, HR, Pilot, and Sales. There are already users added to these groups.

Add users to multiple groups with PowerShell groups

It’s important that you copy the Group name (pre-Windows 2000) and add that to the CSV file.

Add users to multiple group with PowerShell group name

Read more: List all users in a Security Group through PowerShell »

Check CSV file with Import-Csv cmdlet

Check the CSV file and that you have the correct headers. In our case, it’s the CSV file Demo1.csv with the headers SamAccountName and Group.

Add users to multiple groups with PowerShell groups CSV file headers

Important: Make sure that there are no empty spaces behind each line. If so, you will get errors, and the script will fail to add the users. An excellent way is to add quotation marks to surround the field.

Place the CSV file in C:\Temp folder. Create a temp folder if you don’t have one.

Add users to multiple groups with PowerShell groups CSV file

Run Windows PowerShell as administrator. Make sure that PowerShell can read the file, run Import-Csv cmdlet.

PS C:\> Import-Csv "C:\Temp\Demo1.csv"

SamAccountName Group
-------------- -----
Ali.Tajran     Pilot;HR
John.Watkin    Unknown
Amanda.Morgan
Amanda.Morgan  Support
Amanda.Morgan  HR;Pilot
Khalid.Abbas   Agency;HR;Helpdesk
Richard.Grant  Helpdesk

Keep reading: Import CSV delimiter PowerShell »

Add users to multiple groups PowerShell script

Download Add-ADUsers-Multi.ps1 PowerShell script or copy and paste the below code in Notepad. Give it the name ADUsers-Multi.ps1 and place it in the C:\scripts folder. Create a scripts folder if you don’t have one.

# Start transcript
Start-Transcript -Path C:\Temp\Add-ADUsers-Multi.log -Append

# Import AD Module
Import-Module ActiveDirectory

# Import the data from CSV file and assign it to variable
$List = Import-Csv "C:\Temp\Demo1.csv"

foreach ($User in $List) {
    # Retrieve UserSamAccountName and ADGroup
    $UserSam = $User.SamAccountName
    $Groups = $User.Group

    # Retrieve SamAccountName and ADGroup
    $ADUser = Get-ADUser -Filter "SamAccountName -eq '$UserSam'" | Select-Object SamAccountName
    $ADGroups = Get-ADGroup -Filter * | Select-Object DistinguishedName, SamAccountName

    # User does not exist in AD
    if ($ADUser -eq $null) {
        Write-Host "$UserSam does not exist in AD" -ForegroundColor Red
        Continue
    }
    # User does not have a group specified in CSV file
    if ($Groups -eq $null) {
        Write-Host "$UserSam has no group specified in CSV file" -ForegroundColor Yellow
        Continue
    }
    # Retrieve AD user group membership
    $ExistingGroups = Get-ADPrincipalGroupMembership $UserSam | Select-Object DistinguishedName, SamAccountName

    foreach ($Group in $Groups.Split(';')) {
        # Group does not exist in AD
        if ($ADGroups.SamAccountName -notcontains $Group) {
            Write-Host "$Group group does not exist in AD" -ForegroundColor Red
            Continue
        }
        # User already member of group
        if ($ExistingGroups.SamAccountName -eq $Group) {
            Write-Host "$UserSam already exists in group $Group" -ForeGroundColor Yellow
        } 
        else {
            # Add user to group
            Add-ADGroupMember -Identity $Group -Members $UserSam
            Write-Host "Added $UserSam to $Group" -ForeGroundColor Green
        }
    }
}
Stop-Transcript

Line 8: Edit the CSV file name and the path.

In the next step, we will look at the add multiple users to multiple groups PowerShell script.

Bulk add users to multiple groups from CSV file

Run Windows PowerShell as administrator. Change the path to the scripts folder and run Add-ADUsers-Multi.ps1 PowerShell script.

The script will go through all the users in the CSV file. The -WhatIf parameter is added in the script on line 44. If you run the script, nothing will happen in the environment. Instead, you will get an output showing what will happen.

The Add-ADUsers-Multi.ps1 script will show:

  • If the user is added to the group
  • If the user already exists in the group
  • If the user has no group specified in CSV file
  • If the user does not exist in Active Directory
  • If the group does not exist in Active Directory
PS C:\> cd c:\scripts
PS C:\scripts> .\Add-ADUsers-Multi.ps1
Transcript started, output file is C:\Temp\Add-ADUsers-Multi.log
Ali.Tajran already exists in group Pilot
Ali.Tajran already exists in group HR
John.Watkin does not exist in AD
Amanda.Morgan has no group specified in CSV file
Support group does not exist in AD
What if: Performing the operation "Set" on target "CN=HR,OU=Groups,OU=Company,DC=exoip,DC=local".
Added Amanda.Morgan to HR
Amanda.Morgan already exists in group Pilot
Khalid.Abbas does not exist in AD
Helpdesk group does not exist in AD
Transcript stopped, output file is C:\Temp\Add-ADUsers-Multi.log

Remove the -WhatIf parameter from the PowerShell script and rerun the script. The users from the CSV are added to the group.

Transcript started, output file is C:\Temp\Add-ADUsers-Multi.log
Ali.Tajran already exists in group Pilot
Ali.Tajran already exists in group HR
John.Watkin does not exist in AD
Amanda.Morgan has no group specified in CSV file
Support group does not exist in AD
Added Amanda.Morgan to HR
Amanda.Morgan already exists in group Pilot
Khalid.Abbas does not exist in AD
Helpdesk group does not exist in AD
Transcript stopped, output file is C:\Temp\Add-ADUsers-Multi.log

Verify security group with added users

When the script finishes, have a look at Active Directory Users and Computers. Go to a couple of security groups and validate that you see the users from the CSV file in the members tab.

The output will show in the Windows PowerShell console. Not only that, it will show the output in a log because a transcript is added to the PS script. Go to the C:\temp folder and open the Add-ADUsers-Multi.log file.

Add users to multiple groups with PowerShell transcript

Everything looks great! Did this help you to bulk add users to multiple groups from CSV file with PowerShell?

Keep on reading: Export AD users to CSV with PowerShell »

Conclusion

In this article, you learned how to add multiple users to multiple groups from CSV with PowerShell. Download the Add-ADUsers-Multi.ps1 PowerShell script and edit the CSV path. Run the script and verify that the AD users are added successfully to the groups. PowerShell is great for automating the process.

Did you enjoy this article? You may also like Create Active Directory Users from CSV with PowerShell. Don’t forget to follow us and share this article.

ALI TAJRAN

ALI TAJRAN

ALI TAJRAN is a passionate IT Architect, IT Consultant, and Microsoft Certified Trainer. He started Information Technology at a very young age, and his goal is to teach and inspire others. Read more »

X TwitterLinkedIn

What Others Are Reading

This Post Has 11 Comments

  1. Thanks Ali,

    This is a great script.

    I have used some of your other scripts as well, and now I try to figure out how to create one script, where I Create AD groups, Import Users to AD and add the users to required AD groups.
    Next I want to see if I can add a script that moves disabled users to a specific OU for terminated users, that then removes them from all the AD groups the have membership of.
    Taken in account i am total Noob in Powershell, this is fun to work with. 🙂

    All help is welcome 🙂

    Br

    Reply

    1. A connection to a Domain Controller is required. You can’t run these AD commands against nothing, even in the debugger.

      Reply

  3. Hi Ali,
    Thank you for the script. If we have different OU group path. Could you mind how to change OR specify to select. (Sample : CN=pilot,OU=Groups,OU=BK,DC=ac,DC=uk)
    Thank you very much !

    Reply

    1. If you do have the group DistinguishedName instead of the group SamAccountName in the CSV file, change the following in the script:

      Change line 34 to:

      if ($ADGroups.DistinguishedName -notcontains $Group) {

      Change line 39 to:

      if ($ExistingGroups.DistinguishedName -eq $Group) {
      Reply

  6. Thanks for the script, keep getting errors about the AD group not existing, which it does.

    “Add-ADGroupMember : Cannot find an object with identity:”

    Reply

  7. Hi Ali,

    I found this article when I was searching online and I tried this.
    Works like a charm!
    Thank you very much!

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *