Adding Active Directory users to a group by Display Name with PowerShell

21 08 2011

There are a number of ways to do this, including simply pasting the users’ display names into the Add Member box in Active Directory Users & Computers and clicking through the errors by hand. If you’re like me, and don’t like having to deal with things like this manually, then PowerShell is the way to go.

First, go download and install the ActiveRoles Management Shell for Active Directory from the Quest website. You’ll want to launch the code below from this shell (or import the appropriate modules into a PowerShell 2.0 session). The input file should be a CSV with first line “User Name”, then each subsequent line containing the DisplayName of the users needing to be added to the specified AD group. While it might not be necessary in smaller domains, specifying the OU where the user accounts live can be handy to reduce the amount of time it takes for the AD queries. Any problematic user names will be sent to the log file specified for review after the script runs.

proper format for 'users.csv'

param($usergroup, $userlist)

function Logger($logFile, $logMessage) {
    # Example: Logger -logFile "logs\somelog.log" -logMessage ""
    $currentTime = (Get-Date).toString()
    $message = $currentTime
    $message += " :: "
    $message += $logMessage
    $message >> $logFile

$logFile = "users.log"

$userCSV = $userlist
$ADgroup = $usergroup

$users = Import-Csv $userCSV

foreach ($u in $users) {
    try {

        $account = Get-QADUser -Identity $u."User Name" | `
            where {$_.DN.Contains("OU=SFDC_USERS")}
        $logon = $account.LogonName
        Add-QADGroupMember -Identity $ADgroup -Member $logon

    } catch [System.Exception] {
        Logger -logFile $logFile -logMessage $u."User Name"



2 responses

14 06 2012
Geocache Geocaching Geocacher

Loving the blog thanks for the information.

9 08 2017

Great post ! 🙂 Have nice day ! paomwobvem

