Add Users To Group With PowerShell - ALI TAJRAN

How to bulk add users to AD security group from CSV file with PowerShell? You can select multiple users in AD and add them to the group, but what if you have users all over the place in different OUs? This is an excellent way to automate the task with PowerShell. In this article, you will learn how to bulk add users to a group with PowerShell script.

Table of contents

• Information
• Check security group
• Check CSV file with Import-Csv cmdlet
• Add users to group PowerShell script
• Bulk add users to group from CSV file
• Verify security group with added users
• Conclusion

Information

You need to add a list of users in CSV file to a security group. The list is populated with the UserPrincipalName attribute.

There are two options to accomplish the task:

• Manually search for the users in Active Directory Users and Computers, and add them to the security group. If you have a long list, this is time-consuming. Not only that, it’s possible that you miss a user from the list.
• Automate the search with PowerShell, and add the users to the security group. It will take less time, and you will not miss any users.

PowerShell is great for automation, and that’s what we recommend using.

Note: Do you want to add users to multiple groups? Read Add users to multiple groups with PowerShell.

Check security group

Create a security group if you don’t have one. In this example, we have the security group Pilot. The members section has one member only.

Click on the General tab. Ensure that you copy the Group name (pre-Windows 2000).

Read more: List all users in a Security Group through PowerShell »

Check CSV file with Import-Csv cmdlet

Check the CSV file and that you use the correct header. In our case, it’s the CSV file Users.csv and the header UserPrincipalName.

Important: Check that there are no empty spaces behind each line. If so, you will get errors, and the script will fail to remove the users.

An excellent way is to add quotation marks to surround the field.

Place the CSV file in C:\Temp folder. Create a temp folder if you don’t have one.

Run Windows PowerShell as administrator. Make sure that PowerShell can read the file and run the Import-Csv cmdlet.

Import-Csv "C:\Temp\Users.csv"

The output appears.

UserPrincipalName ----------------- [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected] [email protected]

Keep reading: How to use Import-CSV in PowerShell »

Add users to group PowerShell script

Download Add-ADUsers.ps1 PowerShell script or copy and paste the code below into Notepad. Give it the name Add-ADUsers.ps1 and place it in the C:\scripts folder. Create a scripts folder if you don’t have one.

Ensure the file is unblocked to prevent errors when running the script. Read more in the article Not digitally signed error when running PowerShell script.

<# .SYNOPSIS Add-ADUsers.ps1 .DESCRIPTION Adds users to a specified Active Directory group based on their User Principal Name (UPN) from a CSV file. .LINK www.alitajran.com/add-users-to-group-powershell/ .NOTES Written by: ALI TAJRAN Website: www.alitajran.com LinkedIn: linkedin.com/in/alitajran X: x.com/alitajran .CHANGELOG V1.10, 04/02/2025 - Added parameters for easier use. #> param ( [Parameter(Mandatory = $true)] [string]$CsvPath, [Parameter(Mandatory = $true)] [string]$GroupName, [switch]$WhatIf ) # Start transcript Start-Transcript -Path "C:\Temp\Add-ADUsers.log" -Append # Import AD Module Import-Module ActiveDirectory # Import the data from CSV file and assign it to variable $Users = Import-Csv $CsvPath # Specify target group name (pre-Windows 2000) where the users will be added to $Group = $GroupName foreach ($User in $Users) { # Retrieve UPN $UPN = $User.UserPrincipalName # Retrieve UPN related SamAccountName $ADUser = Get-ADUser -Filter "UserPrincipalName -eq '$UPN'" | Select-Object SamAccountName # User from CSV not in AD if ($null -eq $ADUser) { Write-Host "$UPN does not exist in AD" -ForegroundColor Red } else { # Retrieve AD user group membership $ExistingGroups = Get-ADPrincipalGroupMembership $ADUser.SamAccountName | Select-Object Name # User already member of group if ($ExistingGroups.Name -eq $Group) { Write-Host "$UPN already exists in $Group" -ForeGroundColor Yellow } else { # Add user to group with conditional WhatIf if ($WhatIf) { Add-ADGroupMember -Identity $Group -Members $ADUser.SamAccountName -WhatIf Write-Host "Added $UPN to $Group" -ForeGroundColor Cyan } else { # Add user to group Add-ADGroupMember -Identity $Group -Members $ADUser.SamAccountName Write-Host "Added $UPN to $Group" -ForeGroundColor Green } } } } Stop-Transcript

In the next step, we will look at the bulk add AD Users PowerShell script.

Bulk add users to group from CSV file

Run Windows PowerShell as administrator. Change the path to the scripts folder and run Add-ADUsers.ps1 PowerShell script to bulk add AD users to group.

The script will go through all the users in the CSV file. If you run the script with the -WhatIf parameter, nothing will happen in the environment. Instead, you will get an output showing what will happen.

The Add-ADUsers.ps1 script will show:

• If the user is added to the group
• If the user already exists in the group
• If the user in the CSV file does not exist in Active Directory

C:\scripts\.\Add-ADUsers.ps1 -CsvPath "C:\temp\Users.csv" -GroupName "Pilot" -WhatIf

It shows what happens to the users from the CSV file.

Transcript started, output file is C:\Temp\Add-ADUsers.log What if: Performing the operation "Set" on target "CN=Pilot,OU=Groups,OU=Company,DC=exoip,DC=local". Added [email protected] to Pilot What if: Performing the operation "Set" on target "CN=Pilot,OU=Groups,OU=Company,DC=exoip,DC=local". Added [email protected] to Pilot What if: Performing the operation "Set" on target "CN=Pilot,OU=Groups,OU=Company,DC=exoip,DC=local". Added [email protected] to Pilot What if: Performing the operation "Set" on target "CN=Pilot,OU=Groups,OU=Company,DC=exoip,DC=local". Added [email protected] to Pilot What if: Performing the operation "Set" on target "CN=Pilot,OU=Groups,OU=Company,DC=exoip,DC=local". Added [email protected] to Pilot What if: Performing the operation "Set" on target "CN=Pilot,OU=Groups,OU=Company,DC=exoip,DC=local". Added [email protected] to Pilot [email protected] does not exist in AD What if: Performing the operation "Set" on target "CN=Pilot,OU=Groups,OU=Company,DC=exoip,DC=local". Added [email protected] to Pilot What if: Performing the operation "Set" on target "CN=Pilot,OU=Groups,OU=Company,DC=exoip,DC=local". Added [email protected] to Pilot What if: Performing the operation "Set" on target "CN=Pilot,OU=Groups,OU=Company,DC=exoip,DC=local". Added [email protected] to Pilot What if: Performing the operation "Set" on target "CN=Pilot,OU=Groups,OU=Company,DC=exoip,DC=local". Added [email protected] to Pilot What if: Performing the operation "Set" on target "CN=Pilot,OU=Groups,OU=Company,DC=exoip,DC=local". Added [email protected] to Pilot What if: Performing the operation "Set" on target "CN=Pilot,OU=Groups,OU=Company,DC=exoip,DC=local". Added [email protected] to Pilot [email protected] already exists in Pilot What if: Performing the operation "Set" on target "CN=Pilot,OU=Groups,OU=Company,DC=exoip,DC=local". Added [email protected] to Pilot What if: Performing the operation "Set" on target "CN=Pilot,OU=Groups,OU=Company,DC=exoip,DC=local". Added [email protected] to Pilot Transcript stopped, output file is C:\Temp\Add-ADUsers.log

Remove the -WhatIf parameter from the PowerShell command and rerun the script.

C:\scripts\.\Add-ADUsers.ps1 -CsvPath "C:\temp\Users.csv" -GroupName "Pilot"

The users from the CSV are added to the group.

Transcript started, output file is C:\Temp\Add-ADUsers.log Added [email protected] to Pilot Added [email protected] to Pilot Added [email protected] to Pilot Added [email protected] to Pilot Added [email protected] to Pilot Added [email protected] to Pilot [email protected] does not exist in AD Added [email protected] to Pilot Added [email protected] to Pilot Added [email protected] to Pilot Added [email protected] to Pilot Added [email protected] to Pilot Added [email protected] to Pilot [email protected] already exists in Pilot Added [email protected] to Pilot Added [email protected] to Pilot Transcript stopped, output file is C:\Temp\Add-ADUsers.log

Verify security group with added users

When the script finishes, look at Active Directory Users and Computers. Go to the security group and validate that you see the users from the CSV file in the members tab. In this case, the Pilot group.

The output will show in the Windows PowerShell console. Not only that, it will show the output in a log because a transcript is added to the PS script. Go to the C:\temp folder and open the Add-ADUsers.log file.

Everything looks great! Did this help you to bulk add users to security group from CSV file with PowerShell?

Keep on reading: Manage Microsoft Office with Group Policy »

Conclusion

You learned how to add users to group from CSV with PowerShell. Download the Add-ADUsers.ps1 PowerShell script, edit the parameters to the CSV path and the target group. Run the script and verify that the AD users are added successfully to the group. PowerShell is great for automating the process.

Did you enjoy this article? You may also like Bulk create Office 365 mailboxes in Exchange Hybrid. Don’t forget to follow us and share this article.