Powershell Script: Add users from an OU to an AD security Group

Hi
Can anybody point me to a link, or does anybody have a script, with which I can get a list of users from an OU and then put them into an AD security group?
Regards

Hi - thanks for the info the script didn't run as expected.
What we are trying to achieve is that we have an OU with several child OUs below it, and we need to capture all user accounts from all OUs and then either be able to export to a CSV or pipe the output to an AD group.
dsquery user "OU=organizationalunit,DC=name,dc=com" -limit 0 >> filename.txt
with the filename.txt you can do this:
for /f "tokens=* delims= " %i in (filename.txt) do dsmod group "CN=groupname,OU=organizationalUnit,DC=name,DC=com" -addmbr %i
or, just pipe the initial results into the dsmod command:
dsquery user "OU=organizationalunit,DC=name,dc=com" | dsmod group "CN=groupname,OU=organizationalUnit,DC=name,DC=com" -addmbr
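
The same task with the ActiveDirectory PowerShell module, as an added example that is not part of the original thread: it walks the OU and all child OUs, writes the CSV, and adds only accounts that are not yet members, with a dry-run switch. The function name Add-OuUsersToGroup, the CSV path and the choice to skip disabled accounts are assumptions; the DNs are the placeholders used above.

```powershell
#requires -Modules ActiveDirectory
# Added example. Add-OuUsersToGroup is a hypothetical helper name.
function Add-OuUsersToGroup {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$SearchBase,   # DN of the parent OU
        [Parameter(Mandatory = $true)][string]$GroupDN,      # DN of the security group
        [string]$CsvPath = ".\ou-users.csv"                  # assumed output location
    )

    # Subtree scope returns users in the OU and in every child OU beneath it.
    $users = @(Get-ADUser -Filter * -SearchBase $SearchBase -SearchScope Subtree)

    # Keep a record of what the query returned. -WhatIf:$false makes sure the
    # CSV is still written during a dry run, because -WhatIf on this function
    # would otherwise propagate to Export-Csv as well.
    $users | Select-Object SamAccountName, Enabled, DistinguishedName |
        Export-Csv -Path $CsvPath -NoTypeInformation -WhatIf:$false

    # Direct members already in the group; Add-ADGroupMember raises an error
    # for accounts that are already members, so they are filtered out first.
    $existing = @(Get-ADGroupMember -Identity $GroupDN |
        ForEach-Object { $_.DistinguishedName })

    # Assumption: disabled accounts should not be granted membership.
    $toAdd = @($users | Where-Object {
        $_.Enabled -and ($existing -notcontains $_.DistinguishedName)
    })

    if ($toAdd.Count -gt 0 -and
        $PSCmdlet.ShouldProcess($GroupDN, "Add $($toAdd.Count) user(s)")) {
        Add-ADGroupMember -Identity $GroupDN -Members $toAdd
    }

    # Return the accounts that were (or, with -WhatIf, would be) added.
    $toAdd | Select-Object SamAccountName, DistinguishedName
}

# Dry run first: lists the accounts and writes the CSV without changing the group.
Add-OuUsersToGroup -SearchBase "OU=organizationalunit,DC=name,DC=com" `
    -GroupDN "CN=groupname,OU=organizationalUnit,DC=name,DC=com" -WhatIf
```

Remove `-WhatIf` once the CSV and the returned list have been reviewed.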

Similar Messages

  • SharePoint 2010 Central Admin to add users from AD from specific Department

    Dear All,
    I am working on SharePoint Foundation 2010. I have to add users from specific department to a particular site collection.
    Please let me know if there is a way to import users from Active Directory based on the 'Department' field in SPCA.
    Thanks.

    Is that okay if I share the PowerShell code? Do you have access to Active Directory and can you query information?
    Refer this Link
    Code
    # set site collection owner for all sites...
    # 1-2012
    Add-PSSnapin Microsoft.SharePoint.PowerShell
    # $AccountList is an array of Windows Identities in the format of $AccountList = @("DOMAIN\USERID" , "DOMAIN\USERID2")
    $accountList = @(Get-ADUser -Filter {(Department -like '*Ur Needs*')})
    #$AccountList = @("LAB\Jack", "Lab\tom", "Lab\dick", "lab\harry")
    #this gets an array of objects representing the sites at the IIS level:
    $IISSites = Get-SPWebApplication
    Foreach($oneIISSite in $IISSites)
    {
        #using .Sites, we can get a list of the site collections
        foreach ($SharepointSiteCollection in $oneIISSite.Sites)
        {
            write-host $SharepointSiteCollection.url -ForegroundColor Cyan
            $spweb = Get-SPWeb $SharepointSiteCollection.url
            #now we have the website, so lets look at each account in our array
            foreach ($Account in $AccountList.samaccountname)
            {
                #lets see if the user already exists
                Write-host "Looking to see if User " $account " is a member on " $SharepointSiteCollection.url -foregroundcolor Blue
                $user = Get-SPUSER -identity $Account -web $SharepointSiteCollection.url -ErrorAction SilentlyContinue #This will throw an error if the user does not exist
                if ($user -eq $null)
                {
                    #if the user did NOT exist, then we will add them here.
                    $SPWeb.ALLUsers.ADD($Account, "", "", "Added by AdminScript")
                    $user = Get-SPUSER -identity $Account -web $SharepointSiteCollection.url
                    Write-host "Added user $Account to URL $($SPWeb.URL)" -Foregroundcolor Magenta
                }
                else
                {
                    Write-host "user $Account was already in URL " $SPWeb.URL -Foregroundcolor DarkGreen
                }
                #this makes the account a site collection administrator on every site collection it loops over
                if ($user.IsSiteAdmin -ne $true)
                {
                    $user.IsSiteAdmin = $true
                    $user.Update()
                    Write-host "$account has been made an admin on $($SPWeb.URL)" -Foregroundcolor Magenta
                }
                else
                {
                    Write-host "$account was already an admin on $($SPWeb.URL)" -Foregroundcolor DarkGreen
                }
            }
            $SharePointSiteCollection.Dispose()
        }
    }
    Note:
    First uncomment the second $accountlist and add the user manually to test.
    If you have AD module installed in your SP server you can use
    $accountList = @(Get-ADUser -Filter {(Department -like '*Ur Needs*')})
    Regards Chen V [MCTS SharePoint 2010]

  • Org Tech Admin can add user from other org?

    We are currently on a trial run with CIAC, and I am testing User Management with a Organization Tech Admin account (OTA).
    To my surprise, when adding a user and selecting "existing user", I can see every account currently on Cloud Portal, and can even successfully add a user from another organization to my organization.
    Is there anyway so that OTA can see only the users in their own organization?

    I've been able to remove the admin role from a site administrator with an OTA.
    I know there are issues when you log in with a user then log out and log back in with another user: CIAC considers that you are still the previous user (I've encountered the issue several times in portlets in the nsapi requests). I don't know if/how those issues are related, but I'd say that the logout/login issue, where a user has the same rights as the previous user, should be fixed.
    Changing OTA rights will not change that particular issue.
    For the moment, what we've done is create our own servlet for requests to the sql DB, and our own roles for most services.
    Let's see what v4 has in store for us.

  • Add users from several Active Directories in SAP BPC

    Hello everybody,
    Does anybody know if you can add users from several Active Directories in SAP BPC??
    In affirmative case, how can you add several Active Directories in SAP BPC??
    Thank you very much.
    Best regards,
    Fernando

    Hi,
    We almost have same issue to add users from several Active Directories.
    BPC server is in Domain A. We perform to add users from Domain B. Our trusted relation between AD is Domain B approve Domain A (unidirectional).
    We cannot get one user which is able to browse both AD. So we install BPC with a user which has rights to browse Domain A  and we use another user in COM+ component (OsoftUSerManage) which has right to browse Domain B.
    But it is not working : we encounter an issue (access denied) in web administration by adding users from Domain B.
    Any idea ?
    Env. : BPC 5.1 SP6

  • How to add user from domain A to a group in domain B

    How would you achieve adding a user from domain A to a group that is in domain B via PowerShell without the Quest cmdlets? I've been trying to figure this out for about a week now. Please let me know if the scripting guy has seen this issue before.
    LittleTech

    Hello jrv,
    Here's what I was trying to do. The two domains I'm working with have a trust between them.
    1. Create a user in External.Domain.Com
    2. Add the user in External.Domain.Com to GroupOne in ExternalDomain2.Domain.com
    3. The only knowledge that ExternalDomain2.Domain.Com would have about the account in External.Domain.Com is whatever is in the Global Catalog. Here is what I'm trying, but it isn't working.
    #Connecting to domain PSDrive
    New-PSDrive -Name ExternalDomain -PSProvider ActiveDirectory -Root "" -Server DC01.Domain.com
    cd ExternalDomain:
    #Create user
    #Add to ExternalDomain Groups
    $UserDN = Get-ADUser -LDAPFilter "(sAMAccountName=$UserID)"
    #Connecting to domain2 PSDrive
    cd AD:
    $GroupDN = "CN=Wireless Device Users,OU=Wireless,OU=Systems and Technology,DC=External,DC=Domain2,DC=Com"
    Add-ADGroupMember -Identity $GroupDN -Members (Get-ADObject -Identity $UserDN.DistinguishedName -Server "DC01.Domain.com:3268")
    Connecting via port 3268 allows me to talk to the global catalog instead of LDAP.
    I receive the following message: A Referral was returned from the server
    I know that if I connect using [ADSI] I am able to specify that the connection follows referrals; the AD cmdlets seem to not have that function. The Quest AD cmdlets do... I just don't want to have to use third party cmdlets to do what the AD cmdlets should be able to do in the first place.
    Thanks,
    LittleTech

  • Workflow does not start when PowerShell Script is run from Task Scheduler

    I have a PS script that updates an item in a SP2010 list so that a workflow will be started.  When I run the PS script manually from the PS window on the server it resides, the script runs flawlessly.  If I set a scheduled task on the same server
    to run the script with the same credentials as are being used in the PS window, the script runs, updated the info on the list, but DOES NOT start the workflow.  As we know, SPD workflows cannot be started by anonymous or system accounts.  It is as
    if the task scheduler adds a bit of information that makes the SP2010 list think the information was updated by one of these accounts even though the field in the list for the item being updated shows the correct account.
    HELP!!!
    D

    Hi,
    The issue might be related to the script or the scheduled task settings you configured. You'd better check the settings.
    For example, which option do you set to run the scheduled task? You may select “Run whether user is logged on or not” instead of “run only when user is logged on” as shown in this article:
    http://blog.pointbeyond.com/2010/04/23/run-powershell-script-using-windows-server-2008-task-scheduler/
    Hope it helps.
    Best Regards,
    Sally Tang

  • Issue using ADSI in powershell to load users from another domain into a group

    I am trying to load users into a domain local security group from another domain using ADSI and powershell. For users who have an existing foreign security principal I can load that without issue, but the users who do not have a foreign security principal
    I am unable to load.
    These work fine, assuming the group domain is fabrikam:
    $Group.psbase.invoke("Add",[ADSI]"LDAP://CN=$external_user_sid_who_has_a_FPN,CN=ForeignSecurityPrincipals,DC=fabrikam,DC=com")
    $Group.psbase.invoke("Add",[ADSI]"LDAP://$userDN,DC=fabrikam,DC=com")
    These do not:
    $Group.psbase.invoke("Add",[ADSI]"LDAP://CN=$externaluser_sid_who_does_not_have_a_FPN,CN=ForeignSecurityPrincipals,DC=fabrikam,DC=com")
    $Group.psbase.invoke("Add",[ADSI]"LDAP://<SID=$external_user_sid_who_does_not_have_a_FPN>")
    $Group.psbase.invoke("Add",[ADSI]"LDAP://<SID=$external_user_hex_sid_who_does_not_have_a_FPN>")
    Any help would be greatly appreciated.
    Thank you

    Thank you for your reply,
    I started with that thread and it ultimately recommends using the [ADSI]"LDAP://<SID=$hexsid>, this bind is not working for me. The page it points to for conversion of sid to hexsid is in VBS, but I have used the below powershell to duplicate its function.
    $sid = "S-1-5-21-2127521184-1604012920-1887927527-72713"
    $parts = $sid.Remove(0,6).Split("-")
    $reverseEndian = ""
    foreach ($part in $parts)
    {
        # cast to int64 so sub-authority values above the Int32 range still convert
        $hex = ([Convert]::ToString([int64]$part, 16)).ToUpper()
        While ($hex.length -lt 8)
        {
            $hex = "0" + $hex
        }
        for ($i=1; $i -lt 5; $i++)
        {
            $reverseEndian = $reverseEndian + $hex.substring($hex.length -2, 2)
            $hex = $hex.Remove($hex.length -2, 2)
        }
    }
    $hexSid = "0105000000000005" + $reverseEndian
    For example SID S-1-5-21-2127521184-1604012920-1887927527-72713 needs
    to be turned into raw hex sid 010500000000000515000000A065CF7E784B9B5FE77C8770091C0100 according to that article and
    then put in the ADSI bind like this: [ADSI ]"LDAP://<SID=010500000000000515000000A065CF7E784B9B5FE77C8770091C0100>". 
    When I put that bind in (with an actual sid and not an example sid) I get the following error:
    format-default : The following exception occurred while retrieving member "PSComputerName": "There is no such object on
    the server.
    + CategoryInfo : NotSpecified: (:) [format-default], ExtendedTypeSystemException
    + FullyQualifiedErrorId : CatchFromBaseGetMember,Microsoft.PowerShell.Commands.FormatDefaultCommand
    For users who are on another domain but already have a foreign principal name created, I can add them easily enough by converting their sid to the appropriate foreign principal name format. I haven't yet had any success adding someone who doesn't have a
    foreign principal name though, even after trying the solution referenced in the article.
    Thank you in advance for any help.
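
The string-SID to hex-SID conversion described in the post above, generalised to any revision, authority and sub-authority count instead of the fixed `0105000000000005` prefix. This is an added example, not part of the original thread, and the function name ConvertTo-HexSid is hypothetical.

```powershell
# Added example. ConvertTo-HexSid is a hypothetical helper name.
# Binary SID layout: 1 byte revision, 1 byte sub-authority count,
# 6 bytes identifier authority (big-endian), then each sub-authority
# as a 32-bit little-endian value.
function ConvertTo-HexSid {
    param([Parameter(Mandatory = $true)][string]$Sid)

    if ($Sid -notmatch '^S-(\d+)-(\d+)((?:-\d+)+)$') {
        throw "Not a SID string: $Sid"
    }
    $revision  = [byte]$Matches[1]
    $authority = [int64]$Matches[2]
    $subAuths  = @($Matches[3].TrimStart('-').Split('-') |
        ForEach-Object { [uint32]$_ })
    if ($subAuths.Count -gt 15) {
        throw "A SID holds at most 15 sub-authorities"
    }

    $bytes = New-Object 'System.Collections.Generic.List[byte]'
    $bytes.Add($revision)
    $bytes.Add([byte]$subAuths.Count)

    # Identifier authority: 48 bits, most significant byte first.
    for ($shift = 40; $shift -ge 0; $shift -= 8) {
        $bytes.Add([byte](($authority -shr $shift) -band 0xFF))
    }

    # Sub-authorities: 32 bits each, least significant byte first.
    foreach ($sa in $subAuths) {
        $le = [BitConverter]::GetBytes([uint32]$sa)
        if (-not [BitConverter]::IsLittleEndian) { [Array]::Reverse($le) }
        $bytes.AddRange($le)
    }

    ($bytes | ForEach-Object { $_.ToString('X2') }) -join ''
}

# The example SID and the raw hex form quoted in the post.
$sid    = "S-1-5-21-2127521184-1604012920-1887927527-72713"
$posted = "010500000000000515000000A065CF7E784B9B5FE77C8770091C0100"

$hexSid = ConvertTo-HexSid -Sid $sid
if ($hexSid -ne $posted) { throw "Conversion does not match the value in the post" }

# Bind string in the form used in the post.
"LDAP://<SID=$hexSid>"
```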

  • File Sharing - Cannot disconnect or add user from Address book

    Hi all,
    Had a look through the support pages but haven't found an answer to this issue I am having....
    I have recently wired a LAN between my macbook and a friends macbook. My problem is that I "connected' to my macbook using my username and password from the other computer. Once the computers were connected (and file share is switched on) he had full access to my hard drive (which was what I expected). However, we are unable to 'disconnect' the file share connection without disabling the file share option within system settings! The password was not saved in his keychain. Whenever we connect the computers he has full access to my drive!
    In our case it is simple enough to ensure security as the example is simple to solve; however, the wider implications of not being able to manually disconnect from a source are obvious. Has anyone else encountered this problem?
    The second problem I have is that I am unable to add a named user to the 'file sharing' user list. When I choose the user from my address book the mac asks for a password. Once this is entered and accepted the window disappears but no name is added to the file share list!
    Apologies if these seem idiot problems but they are slowly driving me mad!!

    I have had zero problems with Mail in Snow Leopard - it's been rock solid and very reliable for me.
    I sort of cured the AddressBook problem but I have no idea why it works and I am not happy with my fix. What I did was deleted the contents of ~/Application Support/AddressBook and ~/Library/Caches/com.apple.AddressBook and ~/Library/Preferences/com.apple.addressbook.plist. I then rebooted and opened up AddressBook. The database was empty except for Apple and my own card which OSX creates by default. I then attempted to create a new contact and all of my old contacts magically appeared! I then deleted the new test contact and edited the contact I was originally trying to add a phone number to. I then quit address book and re-launched it and the new phone number was still there! I checked console.log and there were no errors reported this time (previously I was getting lots of error messages each time I quit and re-launched AddressBook.
    I have no idea where those contacts came from since I cleared out the entire database and the cache, but whatever happened, it seems to work now.
    BUGGY!

  • How to add users from person or group field in a sharepoint list to sharepoint group

    Hi,
    How to add users(single or multiple) from person or group field in a sharepoint list to sharepoint group programmatically?
    Any suggestions would be appreciated.
    Thank you,
    AA.

    Hello,
    Use SPGroup.AddUser() method to add user in group. I have just written sample code in notepad so it is not tested:
    SPSecurity.RunWithElevatedPrivileges(delegate()
    {
        using (SPSite site = new SPSite(SPContext.Current.Site.Url))
        using (SPWeb web = site.OpenWeb())
        {
            string groupName = "GroupName"; // placeholder: name of the target SharePoint group
            SPList list = web.Lists["ListName"];
            SPQuery query = new SPQuery();
            query.Query = "<Where><Eq><FieldRef Name='Title' /><Value Type='Text'>Test</Value></Eq></Where>";
            SPListItemCollection items = list.GetItems(query);
            SPGroup spGroup = site.RootWeb.Groups[groupName]; //group name
            if (items.Count > 0)
            {
                foreach (SPListItem item in items)
                {
                    //Get users from person or group column
                    SPFieldUser userField = (SPFieldUser)item.Fields.GetField("Users");
                    SPFieldUserValueCollection users = (SPFieldUserValueCollection)userField.GetFieldValue(item["Users"].ToString());
                    if (users.Count != 0)
                    {
                        foreach (SPFieldUserValue user in users)
                        {
                            // reset for every user so one match does not hide later users
                            bool isUserInGroup = false;
                            foreach (SPUser member in spGroup.Users)
                            {
                                string itemUserName = member.LoginName;
                                string userName = user.User.LoginName;
                                if (itemUserName == userName)
                                {
                                    isUserInGroup = true;
                                    break;
                                }
                            }
                            if (!isUserInGroup)
                            {
                                spGroup.AddUser(user.User);
                            }
                        }
                    }
                }
            }
        }
    });
    The above code will query the list item and then get users from the "Users" column. It will then check whether the user is already in the group or not; if not, it adds the user to the group.
    http://rajanijilla.blogspot.sg/2012/09/add-users-to-group-programmatically.html
    Hope it could help
    Hemendra:Yesterday is just a memory,Tomorrow we may never see

  • SharePoint 2010 Powershell scripting for user profile

    Please help to have a powershell script which will provide the details related to user profile service application like:
    Number of user profiles:
    Number of user properties
    Number of Organization properties
    Number of Organization profiles
    Number of Audiences
    Un compiled Audiences
    Audience Compilation status
    Last compilation time
    Synchronization schedule
    Santosh sethi

    Hi,
    If you're looking for prewritten scripts, you can check these two places:
    http://gallery.technet.microsoft.com/scriptcenter
    http://get-spscripts.com/
    You should read this too:
    http://social.technet.microsoft.com/Forums/scriptcenter/en-US/a0def745-4831-4de0-a040-63b63e7be7ae/posting-guidelines?forum=ITCG
    Let us know if you have any specific questions.
    Don't retire TechNet! -
    (Don't give up yet - 12,830+ strong and growing)

  • Split filename and create folders with Powershell script ( --newbie user)

    I have a folder with 1000's of files. Each file varies in length; typically between 9-14 characters. Example:
    C:\workpics\1238955678.1
    C:\workpics\744556224.1
    C:\workpics\744556224.2
    C:\workpics\8445655996.1
    I would like to run a script to split the filename and separate into folders. The filename would then consist of 5 characters, the foldername would be the first characters remaining.
    C:\workpics\12389\55678.1
    C:\workpics\7445\56224.1
    C:\workpics\7445\56224.2
    C:\workpics\84456\55996.1
    Any assistance to create this Powershell script would be awesome. Thank you!!

    Please reread your request.  It makes no sense.  Read each statement carefully and notice that the statements are in conflict.
    Start your script in PowerShell.  Look up things like how to list files and how to manage strings.  All of the information you need is here:
    http://technet.microsoft.com/en-us/scriptcenter/dd793612.aspx
    ¯\_(ツ)_/¯

  • Add Users from people picker field to sharepoint group

    Hi,
    I have created infopath form and added people picker control and then created data connection to add users to sharepoint group.
    Used UserGroup webservice and "AddUserToGroup" operation. If I select a single user in the people picker and click the submit button, the web service data connection adds the user to the SharePoint group without any issue, but it's not working for multiple users. If I select multiple users in the people picker, the web service adds only the first user to the SharePoint group. In our company we do not prefer custom coding.
    Can anybody help me out to resolve this issue?
    Any help or suggestions would be appreciated.
    Thank you,
    AA.

    You'll be able to achieve this by placing the people picker in a repeating table control in the form; the URL below may help you.
    http://infopath.wordpress.com/2013/04/02/people-picker-email-addresses-repeating-tables-infopath-2010/
    Sivabalan

  • How can I add user from C program?

    I need to add, change, remove users and change passwords from my application on Solaris 2.6.
    How can I do it?

    Hi,
    I do not think there is a direct API for accomplishing this.
    You can try calling "useradd" through Std C library function
    system (3C).
    "useradd" has a limitation that you can set/change password. Bundled
    with Solaris 2.6 and higher, there is a functionality called
    'admuseradd' which allows the passwd to be set on the command line. You will need to install Adminsuite from the 'Solaris Internet
    Extension CD' to get the functionality.
    Hope this helps.
    Thanks,
    Gopinath
    Sun - DTS.

  • How to give readonly Permission rights to 1000 users with button using powershell script?

    $site = Get-SPSite -Identity "http://mysite/"
    $user = Get-SPUser -Identity "mydomain\myuser" -Web $site.RootWeb
    $assignment = New-Object Microsoft.SharePoint.SPRoleAssignment($user)
    $role = $site.RootWeb.RoleDefinitions[[Microsoft.SharePoint.SPRoleType]::Reader]
    $assignment.RoleDefinitionBindings.Add($role);
    foreach ($web in $site.AllWebs)
    {
        # only webs with broken inheritance carry their own role assignments
        if ($web.HasUniquePerm)
        {
            $web.RoleAssignments.Add($assignment)
        }
    }
    With the above script I can give read-only permission to the users... but I can give permission to only one user at a time... Actually 1000 users require this permission. My requirement is: I will have a textbox and a button. I will enter a username in the textbox and when I click the button the required permission should be assigned to the user given in the textbox... Can you please tell me how I can achieve this... how to make the PowerShell script run when the button is clicked?

    Hello,
    Instead of applying security at user level, it'll be better to create a SharePoint group where you will add the users, and use the out-of-the-box interface to give permissions.
    For your button, just add the direct link to add a user:
    http://serverurl/_layouts/15/aclinv.aspx?GroupId=7&IsDlg=1 
    replacing the group ID with the ID of your new group (you can see it in the URL when you are in the group).
    Best regards, Christopher.

  • Executing a powershell script for checking duplicate users while creating a AD user throug ADUC console.

    Hi,
    I have a text file in which some SamAccountNames are present. I need to check the file while creating new users through the ADUC console. If a username that is going to be created through the ADUC console is present in the file, then it should prompt a message that the user is already present in the text file.
    Is there any possibility of calling the PowerShell script from the ADUC console? If so, then while creating a new user through the ADUC console, what is the procedure for executing that PowerShell script?
    Please provide me the appropriate solutions.
    Thanks
    Prasanthi k

    Run the PowerShell script below to check whether the users exist in AD or not. Later you can create the users.
    #Find Users exist in AD or Not?
    #Biswajit Biswas
    $users = get-content c:\users.txt
    foreach ($user in $users) {
        # keep the lookup result separate: $User and $user are the same variable in PowerShell
        $adUser = Get-ADUser -Filter {(samaccountname -eq $user)}
        If ($adUser -eq $Null) {"User does not exist in AD ($user)" }
        Else {"User found in AD ($user)"}
    }
    Active Directory Users attributes-Powershell
    http://gallery.technet.microsoft.com/scriptcenter/Getting-Users-ALL-7417b71d
    Regards~Biswajit
    Disclaimer: This posting is provided & with no warranties or guarantees and confers no rights.
    MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin
