Public/Add-ADusertoGroup.ps1
|
<#
.SYNOPSIS Checks if users are members of a specified group and adds them if they are not. .DESCRIPTION This function handles single usernames, usernames from a text file, or usernames from a CSV file. It checks whether each user is a member of a specified Active Directory group and adds them if they are not already members. By default, the UserInputType is set to 'Single', which means it expects a single username unless specified otherwise. .PARAMETER UserInput The username, path to a text file containing usernames, or path to a CSV file containing usernames. .PARAMETER Group The name of the AD group to check membership against and add users to if they are not already members. .PARAMETER UserInputType Specifies the type of the UserInput: 'Single', 'TextFile', or 'CSV'. Default is 'Single', which expects a single username. .EXAMPLE PS> Add-ADusertoGroup -UserInput "jdoe" -Group "Domain Admins" Checks if 'jdoe' is a member of 'Domain Admins' and adds them if not, using the default input type of 'Single'. .EXAMPLE PS> Add-ADusertoGroup -UserInput "C:\Users\list.txt" -Group "Domain Admins" -UserInputType "TextFile" Processes each username in 'list.txt' to ensure they are members of 'Domain Admins'. .EXAMPLE PS> Add-ADusertoGroup -UserInput "C:\Users\usernames.csv" -Group "Domain Admins" -UserInputType "CSV" Reads usernames from 'usernames.csv' and manages their group membership. .NOTES Requires Active Directory PowerShell module and permissions to modify AD group memberships. #> Function Add-ADusertoGroup { [CmdletBinding()] Param( [Parameter(Mandatory = $true)] [string]$UserInput, [Parameter(Mandatory = $true)] [string]$Group, [Parameter(Mandatory = $false)] [ValidateSet("Single", "TextFile", "CSV")] [string]$UserInputType = "Single" ) Begin { $LocalSite = (Get-ADDomainController -Discover).Site $NewTargetGC = Get-ADDomainController -Discover -Service 6 -SiteName $LocalSite If (!$NewTargetGC) { $NewTargetGC = Get-ADDomainController -Discover -Service 6 -NextClosestSite } $LocalGC = "$($NewTargetGC.HostName):3268" $GroupObj = Get-ADGroup -Filter "Name -eq '$Group'" -Properties CanonicalName, DistinguishedName -Server $LocalGC $GroupDN = $GroupObj.DistinguishedName $GroupDomain = $GroupObj.CanonicalName.Split("/")[0] } Process { $usernames = switch ($UserInputType) { "Single" { @($UserInput) } "TextFile" { Get-Content -Path $UserInput } "CSV" { Import-Csv -Path $UserInput | ForEach-Object { $_.Username } } } foreach ($username in $usernames) { $UserObj = Get-ADUser -Filter "sAMAccountName -eq '$username'" -Properties MemberOf -Server $LocalGC if ($UserObj -and ($UserObj.MemberOf -contains $GroupDN)) { Write-Output "User '$username' is already a member of the group '$Group'." } elseif ($UserObj) { Set-ADGroup -Add @{Member=$UserObj.DistinguishedName} -Identity $GroupObj.DistinguishedName -Server $GroupDomain Write-Output "User '$username' added to the group '$Group'." } else { Write-Output "User '$username' not found in AD. Skipping..." } } } End { #Write-Output "Completed membership checks and updates for the group '$Group'." } } |