## Use Powershell to Create and Add members to Active Directory Groups from csv

There are a ton of ways to do this task; this is just mine. You create a CSV file with two columns: the first is the username of the person you want to add to the group, and the second is the group that person should be in. The script reads the columns by their header names, member and group. It checks whether the group exists. If it doesn’t, the group is created in the path you define and the member is then added; if the group already exists, the script simply adds the user. This is a fast way to create a bunch of groups if you need to. For connecting to Active Directory, see this post.
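
Because one bad row in the CSV can create a misnamed group or put a user into a sensitive one, the file is worth checking before the script runs. The following is an added example, not part of the original script: the function name Test-GroupCsvRow, the protected-group list, the allowed-character rule and the sample rows are all assumptions, and nothing in it contacts Active Directory.

```powershell
# Added example: offline pre-flight check for the member/group CSV.
# The rows below are constructed sample data, not real accounts or groups.
$SampleCsv = @'
member,group
jsmith,App-Finance-Readers
jsmith,App-Finance-Readers
adavis,Domain Admins
,App-HR-Editors
bwong,App HR;Editors
'@

# Assumption: groups that should never be populated from a bulk file.
$ProtectedGroups = 'Domain Admins', 'Enterprise Admins', 'Schema Admins', 'Administrators'

function Test-GroupCsvRow {
    param(
        [Parameter(Mandatory)] [object[]] $Rows,
        [string[]] $Protected = @()
    )
    $seen = @{}
    $line = 1   # the header is line 1, so the first data row is line 2
    foreach ($row in $Rows) {
        $line++
        $member = "$($row.member)".Trim()
        $group  = "$($row.group)".Trim()
        $key    = "$member|$group".ToLower()
        $issue  = $null

        # Assumption: a conservative allow-list for names, capped at 64 characters.
        if (-not $member -or -not $group) { $issue = 'empty member or group' }
        elseif ($group -notmatch '^[A-Za-z0-9 ._-]{1,64}$') { $issue = 'group name has unexpected characters' }
        elseif ($Protected -contains $group) { $issue = 'protected group, handle manually' }
        elseif ($seen.ContainsKey($key)) { $issue = 'duplicate row' }
        else { $seen[$key] = $true }

        [pscustomobject]@{
            Line = $line; Member = $member; Group = $group
            Ok = (-not $issue); Issue = $issue
        }
    }
}

$report = Test-GroupCsvRow -Rows ($SampleCsv | ConvertFrom-Csv) -Protected $ProtectedGroups
$report | Format-Table -AutoSize
```

Rows reported with Ok = False are the ones to fix or handle by hand before the file is passed to the script below.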

Script:

#You need to have a connection to AD first or run this from a DC (see http://allthesystems.com/2020/08/powershell-connection-examples/)
#Define path to csv and basepath to create groups if they dont exist
$list = Import-Csv -Path C:\Path\to\csv\newgroups.csv
$BasePathForGroups = "OU=Path,OU=To,OU=OU,DC=Domain,DC=com"

foreach ($item in $list) {
    #Set variables for loop from csv line
    $group = $item.group
    $member = $item.member

    #Check if group exists (-Filter returns nothing for a missing group; -Identity raises an error instead of falling through to else)
    if (Get-ADGroup -Filter "SamAccountName -eq '$group'") {
        Write-Host "group exists. adding member: $member"
        Add-ADGroupMember -Identity $group -Members $member
    }
    else {
        Write-Host "Group doesnt exist.  creating: $group"
        #Creates group
        New-ADGroup -Name $group -SamAccountName $group -GroupCategory Security -GroupScope Global -DisplayName $group -Path $BasePathForGroups
        #Adds member
        Add-ADGroupMember -Identity $group -Members $member
    }
}

## Powershell Connection Examples

In this post I’m going to show you a few different ways to connect to things using Powershell. I will make other posts that go into more detail and explain each one, but this is more of a reference post. I will probably update this post in the future to include more, but the current list includes Powershell Connection Examples for: Active Directory (on-prem), AzureAD, Exchange (on-prem), Exchange Online, vCenter and SCCM. Like all my posts, I’m not claiming these are the only ways, but these are the ways I use and they work.

You may need to set your execution policy for these to work:

Set-ExecutionPolicy -ExecutionPolicy Bypass

### Active Directory (On-Prem)

#set Variable for which Domain Controller to connect to
$Domain_Controller = "MyDC1"

#Check for Creds and ask for them if they aren't found
if (!($Creds)) {$Creds = get-credential -Message "Enter your Domain Admin Creds"}

#Connect to Domain Controller and import a Active Directory Session
$session = New-PSSession -ComputerName $Domain_Controller -Credential $creds
Invoke-Command $session -Scriptblock { Import-Module ActiveDirectory }
Import-PSSession -Session $session -module ActiveDirectory

Test Command

Get-ADuser username

### AzureAD (MSOL)

For this you need to have the MSOnline module installed. You can get it by running:

Install-Module MSOnline -verbose

There are two ways to run this, and it depends on whether you have MFA set up and Trusted Locations:

Option 1 – If you do NOT have MFA set up OR you have MFA set up but you are logging in from a “Trusted Location”

#Check for Creds and ask for them if they aren't found
if (!($365Creds)) {$365Creds = get-credential -Message "Enter your Office365 Admin Creds"}

#Make the connection
Connect-MsolService -Credential $365Creds

Option 2 – If you have MFA on and aren’t at a “Trusted Location”

Connect-MsolService

Test Connection

Get-MsolUser -UserPrincipalName user@domain.com

### Exchange (On-Prem)

#Set Exchange Server Name
$Exc_Server = "ExchangeServerName"

#Check for Creds and ask for them if they aren't found
if (!($Creds)) {$Creds = get-credential -Message "Enter your Domain Admin Creds"}

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri http://$Exc_Server/PowerShell/ -Authentication Kerberos -Credential $creds

Import-PSSession $Session

Test Command

Get-Mailbox username

### Exchange Online

For this you need the ExchangeOnlineManagement module installed. To install it run:

Install-Module ExchangeOnlineManagement

To connect use this:

Connect-ExchangeOnline

Test Command:

Get-Mailbox username@domain.com

### vCenter

For this you need the VMware.PowerCLI module installed. To install it run:

Install-Module VMware.PowerCLI -AllowClobber

To connect:

If you do not have a trusted SSL certificate on your vCenter, you will need to set PowerCLI to ignore your self-signed cert with

Set-PowerCLIConfiguration -InvalidCertificateAction ignore

Next set your vCenter server with this command. Change vCenterServerName to match your vCenter server.

#Set vCenter Servername
$vCenter_Server = "vCenterServerName"

Here are the actual connection commands; there is no need to change anything here. It will bring up a credential box. Enter your vCenter creds in domain\username format.

#Check for Creds and ask for them if they aren't found
if (!($Creds)) {$Creds = get-credential -Message "Enter your vCenter Admin Creds in domain\username format"}

Connect-VIServer -server $vCenter_Server -Credential $creds


Test Command:

get-Cluster

### SCCM

The last Powershell Connection Example I have for you is SCCM. For this one you need to have the SCCM console installed locally or run this from the SCCM server. The console is specific to the version of SCCM you are running. You can get the console installer from here: \\SCCMSERVERNAME\SCCMConsoleInstaller\consoleinstaller.exe

To connect:

There are a few things to change in the commands below. Change SITENAME to your SCCM site name in both places, and change SCCM_Server_Name to your SCCM server name.

#Check for Creds and ask for them if they aren't found
if (!($Creds)) {$Creds = get-credential -Message "Enter your Domain Admin Creds"}

Import-Module 'C:\Program Files (x86)\Microsoft Configuration Manager\AdminConsole\bin\ConfigurationManager.psd1'
New-PSDrive -Credential $Creds -Name "SITENAME" -PSProvider "AdminUI.PS.Provider\CMSite" -Root "SCCM_Server_name" -Description "Primary site"
Set-Location SITENAME:

Test command:

Get-CMSite

### Azure

Connecting to Azure is similar to AzureAD or Exchange Online. First, you need the module. Once it is installed, you can connect. One important thing to note is that this Az module is newer. If you have used the Azure or AzureRM modules in the past, you need to remove them with uninstall-module.

Uninstall AzureRM:

Uninstall-AzureRm

Install Module:

Install-Module az -AllowClobber

Once the module is installed you can connect.

Connect to Azure:

Connect-AzAccount

Get-AzSubscription