Adding a user to an on-premises Active Directory group is easy to do using your favorite GUI tooling (e.g. Active Directory Users and Computers). Adding many users to many groups … you should probably script that. The following is a PowerShell script that I created once and have used many times since. It reads a CSV file with just 2 columns, user and AD group, and adds each user to the corresponding AD group. Using this, you can add hundreds or thousands of user/group combinations as fast as your AD accepts the changes.
The PowerShell script
Save the script below to a file, change the variables at the top to match your environment, and run it with an account that has sufficient access to make the changes.
Make sure the CSV file has two columns with headers User and Group.
The acceptable values for the User parameter are:
- Distinguished name
- GUID (objectGUID)
- Security identifier (objectSid)
- SAM account name (sAMAccountName)
Disclaimer: Please note that this script is extremely lightweight and does not attempt to prevent problems. For example, it will not check if the user or group actually exists or if the input is valid. It is also not optimized to allow for easy on-the-fly adjustments and additions.
## Change these lines
$server = "domaincontroller.domain"
# @() keeps .Count correct when the file holds a single row
$file = @(Import-Csv -Path "C:\path\to\yourfile.csv")
## PROBABLY NO CHANGES BELOW THIS LINE
# Provides Add-ADGroupMember
Import-Module ActiveDirectory
Write-Host "*** Input file contains $($file.Count) lines."
foreach ($row in $file) {
    Write-Host "$($row.User) will be processed" -NoNewline
    $user = $row.User
    $grp = $row.Group
    Write-Host " ... $user ... $grp" -NoNewline
    # Write AD changes
    Add-ADGroupMember -Server $server -Identity $grp -Members $user -Confirm:$false
    # End of AD changes
    Write-Host " ... done."
}
Write-Host "*** All selectable records processed"
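The disclaimer above says the script does not check that the user or group exists or that the input is valid. The variant below is an added example, not the author's script: it checks the CSV headers, resolves each user and group before any write, honors -WhatIf for a dry run, and records a per-row result for later review. The parameter names and the $LogPath location are assumptions.

```powershell
# Added example (not the original script). Server name and paths are placeholders.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$Server  = "domaincontroller.domain",
    [string]$CsvPath = "C:\path\to\yourfile.csv",
    [string]$LogPath = "C:\path\to\results.csv"   # hypothetical result log location
)
Import-Module ActiveDirectory -ErrorAction Stop

$rows = @(Import-Csv -Path $CsvPath)
if ($rows.Count -eq 0) { throw "Input file is empty." }

# Reject files that lack the two expected headers.
$headers = $rows[0].PSObject.Properties.Name
foreach ($h in 'User', 'Group') {
    if ($headers -notcontains $h) { throw "CSV is missing the '$h' column." }
}

$results = foreach ($row in $rows) {
    $status = 'Added'; $detail = ''
    try {
        if ([string]::IsNullOrWhiteSpace($row.User) -or [string]::IsNullOrWhiteSpace($row.Group)) {
            throw "Empty User or Group value."
        }
        # Resolve both objects first so a typo fails here, before any write.
        $user  = Get-ADUser  -Identity $row.User.Trim()  -Server $Server -ErrorAction Stop
        $group = Get-ADGroup -Identity $row.Group.Trim() -Server $Server -ErrorAction Stop

        if ($PSCmdlet.ShouldProcess($group.DistinguishedName, "Add member $($user.SamAccountName)")) {
            Add-ADGroupMember -Server $Server -Identity $group -Members $user -Confirm:$false -ErrorAction Stop
        } else {
            $status = 'Skipped'   # -WhatIf was given or the prompt was declined
        }
    } catch {
        $status = 'Failed'; $detail = $_.Exception.Message
    }
    # One result record per input row, including the failures.
    [pscustomobject]@{
        Time = (Get-Date).ToString('s'); User = $row.User; Group = $row.Group
        Status = $status; Detail = $detail
    }
}

# Always write the log, even during a -WhatIf run.
$results | Export-Csv -Path $LogPath -NoTypeInformation -WhatIf:$false
$results | Group-Object Status | Select-Object Name, Count
```

Running it first with -WhatIf shows which rows resolve and which fail without changing any group membership.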