none
Powershell : Importing Users and Computers into AD Groups in different domains RRS feed

  • Question

  • Hello,

    I am trying to add computers to a group in AD. I have to do this for users as well. I am doing this with an import-cdv. The group is in child domain 1 and the users are in child domains 2 and 3 and 4. Is there a way to make this look at all of the domains? I have done it in exchange with set-adserversettings, but is there a way to do this in AD? 

    Thanks in advance!

    Import-Module ActiveDirectory
    $CSV=Import-csv -path .\AD-AddComputerToSecurityGroup-csv.csv
    ForEach ($Computer in $CSV){
    Add-ADGroupMember -Identity $Computer.Group -Members $Computer.Computer -server DOMAINCONTROLLER.CHILD1.PARENTDOMAIN:3268}

    • Moved by Bill_Stewart Monday, October 2, 2017 7:06 PM Unanswerable drive-by question
    Friday, August 18, 2017 9:45 PM

All replies

  • You have to use an account that is an admin in all domains.  When an object is added to a group both the object and the group are changed which requires correct permissions on both objects.

    \_(ツ)_/

    Friday, August 18, 2017 11:33 PM
  • Well, my account has the ability to add the object to groups outside of the script. Also, the error I get is that it can't find the object. If I target a server in parent domain, it claims it can't find the object in child domain 1. If I target the server in child domain 1, it can't find the group in the parent domain. Doesn't sound like a permission issue to me.
    Saturday, August 19, 2017 2:53 AM
  • Are you using full distinguished names of the group and the user. Also you need to target a writable DC and not a GC.


    \_(ツ)_/

    Saturday, August 19, 2017 3:42 AM