$users = Get-QADUser -SearchRoot 'OU=Partners,DC=xxx,DC=com'
$un = read-Host "User Name domain\username" # Your domain and username
$pw = read-host "Enter password" -AsSecureString # Your Password
connect-QADService -service 'xxx.com' -ConnectionAccount $un -ConnectionPassword $pw
foreach ($user in $users) {Get-QADMemberOf -Identity $user}
if ($_.name -ne [AllPartners]) {add-QADGroupMember -identity "CN=AllPartners,OU=Groups,OU=Partners,DC=xxx,DC=com" -member $user}
I may have been premature on this. The script was hanging for a bit, then it started to roll through the OU. So I believe it is working. If you see anything, please let me know. Thanks
For some reason it is running very slowly. Any reason it might?
To my above script: I am trying to build in a piece that will check to see if they are a member. If so, move on; if not, add to the group. Very frustrated
foreach($user in $users) {
    add-QADGroupMember -identity 'CN=AllPartners,OU=Groups,OU=Partners,DC=xxx,DC=com' -member $user
}
==============ERROR===============================
The object already exists. (Exception from HRESULT: 0x80071392)
At :line:9 char:18
+ add-QADGroupMember <<<< -identity 'CN=AllPartners,OU=Groups,OU=Partners,DC=xxx,DC=com' -member $user
OK, so I am having an issue with the piece that checks a user's membership. In AD the property for 'AllPartners' is called Name. I am using objects instead of reading from a text file for input. So my script goes to the specified container to change the primary group ID to the one specified in the script, then removes Domain Users. The issue I ran into was that some users were not a part of the AllPartners group, so the script fails. I need this to check if they are a part of that group; if not, add them to that group, then proceed with the ID flip and DU removal.
So where I believe I am stuck is either I am mixing search cmdlets and it won't work, or the property name I am searching is somehow not correct. I hope whoever takes a look can understand my problem.
$users = Get-QADUser -SearchRoot 'OU=Enabled,OU=Users,OU=Partners,DC=xxx,DC=com' ## Location in AD to search
$un = read-Host "User Name domain\username" # Your domain and username # authentication to AD
$pw = read-host "Enter password" -AsSecureString # Your Password # authentication to AD
connect-QADService -service 'fmi.com' -ConnectionAccount $un -ConnectionPassword $pw # authentication to AD
foreach ($user in $users){ #Starting loop for each object/user
    Get-QADMemberof [OU=Enabled,OU=Users,OU=Partners,DC=xxx,DC=com] $users # checking to see what group they are in now
    get-QADUser -SearchRoot 'OU=Partners,DC=fmi,DC=com' -MemberOf 'domain users' # checking to see what group they are in now
    ForEach-Object ($_.name -match 'AllPartners') { # my attempt to filter a search
        add-QADGroupMember -identity "CN=AllPartners,OU=Groups,OU=Partners,DC=xxx,DC=com" -member $user # add group if not there
        Set-QADUser -Identity $user -ObjectAttributes @{primaryGroupID=@(222753)} # this is working
        Remove-QADGroupMember -Identity 'Domain Users' -Member $user # this is working
    }
}
Latest: bump in the road
ForEach ($user in $Users) {Where-Object -FilterScript ($_.Memberof -ne 'Allpartners')} {
    add-QADGroupMember -identity "CN=AllPartners,OU=Groups,OU=Partners,DC=XXX,DC=com" -member $user
    Set-QADUser -Identity $user -ObjectAttributes @{primaryGroupID=@(222753)}
    Remove-QADGroupMember -Identity 'Domain Users' -Member $user
}
ERROR MESSAGE======================
Cannot bind parameter 'FilterScript'. Cannot convert value "True" to type "System.Management.Automation.ScriptBlock". Error: "Invalid cast from 'System.Boolean' to 'System.Management.Automation.ScriptBlock'."
At :line:7 char:54
+ ForEach ($user in $Users) {Where-Object -FilterScript <<<< ($_.Memberof -ne 'Allpartners')} {
A better look at my issue here, any ideas???
$users = Get-QADUser -SearchRoot 'OU=Enabled,OU=Users,OU=Partners,DC=XX,DC=com'
ForEach ($user in $Users) {
    ($_.name -ne 'Allpartners')
    add-QADGroupMember -identity "CN=AllPartners,OU=Groups,OU=Partners,DC=XXX,DC=com" -member $user
    Set-QADUser -Identity $user -ObjectAttributes @{primaryGroupID=@(222753)}
    Remove-QADGroupMember -Identity 'Domain Users' -Member $user
}
ERROR======================
Name                        Type   DN
----                        ----   --
75000036 (Almeida, xxxxx)   user   CN=75000036 (Almeida\, xxxxxx),OU=Enabled,OU=Users,OU=Partners,DC=XXX,DC=com
The object already exists. (Exception from HRESULT: 0x80071392)
At :line:7 char:22
+ add-QADGroupMember <<<< -identity "CN=AllPartners,OU=Groups,OU=Partners,DC=XXX,DC=com" -member $user
I believe I have it now. From what I read, there is a bug in Add-QADGroupMember that you have to use a trap to get around to keep the loop in play. I tested it at home and it appeared to work. So I will try it at work tomorrow....
$users = Get-QADUser -SearchRoot 'CN=Users,DC=SCCM,DC=COM'
$un = read-Host "User Name domain\username"
$pw = read-host "Enter password" -AsSecureString
$group = 'CN=allpartners,CN=Users,DC=SCCM,DC=COM'
connect-QADService -service 'sccm.com' -ConnectionAccount $un -ConnectionPassword $pw
foreach ($user in $users) {
    Get-QADObject $user
    Add-QADGroupMember -identity $group -member $user
    trap {write-host("[ERROR]") -Foregroundcolor Red; Continue}
    if ($user -ne $group) {
        #Set-QADUser -Identity $user -ObjectAttributes @{primaryGroup=@(allpartners)}
        Set-QADUser $user -objectAttributes @{primaryGroupID=(Get-QADGroup allpartners).PrimaryGroupToken}
        Remove-QADGroupMember -Identity 'Domain Users' -Member $user
    }
}
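An added example, not code from the thread's author: one way to make the membership check asked about above explicit, so that "The object already exists" (0x80071392) is avoided rather than trapped and the script can be re-run safely. It assumes the Quest ActiveRoles snap-in is loaded and the session is already connected, uses the thread's redacted DNs as placeholders, and relies on the `-SizeLimit` and `-IncludedProperties` parameters of the Quest cmdlets.

```powershell
# Added example (not the poster's script). Assumes the Quest ActiveRoles
# snap-in is loaded and Connect-QADService has already been run.
# DNs are the thread's redacted placeholders.
$ou      = 'OU=Enabled,OU=Users,OU=Partners,DC=xxx,DC=com'
$groupDn = 'CN=AllPartners,OU=Groups,OU=Partners,DC=xxx,DC=com'
$domainUsersRid = 513   # well-known RID of Domain Users

# Collect a group's member DNs once, so the loop does no per-user queries.
function Get-MemberDnSet($identity) {
    $set = @{}
    Get-QADGroupMember -Identity $identity -SizeLimit 0 |
        ForEach-Object { $set[$_.DN] = $true }
    $set
}

$group = Get-QADGroup $groupDn -IncludedProperties primaryGroupToken
$token = $group.primaryGroupToken          # value to write into primaryGroupID
$inGroup       = Get-MemberDnSet $groupDn
$inDomainUsers = Get-MemberDnSet 'Domain Users'

$users = Get-QADUser -SearchRoot $ou -SizeLimit 0 -IncludedProperties primaryGroupID

foreach ($user in $users) {
    $dn = $user.DN
    try {
        # Primary-group membership lives in primaryGroupID, not in the
        # group's member list, so test both before adding.
        $isPrimary = ($user.primaryGroupID -eq $token)
        if (-not $isPrimary) {
            if (-not $inGroup.ContainsKey($dn)) {
                Add-QADGroupMember -Identity $groupDn -Member $dn -ErrorAction Stop | Out-Null
            }
            Set-QADUser -Identity $dn -ObjectAttributes @{primaryGroupID = $token} -ErrorAction Stop | Out-Null
        }
        # Domain Users can only be removed once it is no longer primary.
        if ($user.primaryGroupID -eq $domainUsersRid -or $inDomainUsers.ContainsKey($dn)) {
            Remove-QADGroupMember -Identity 'Domain Users' -Member $dn -ErrorAction Stop | Out-Null
        }
        Write-Host "[OK]    $dn"
    }
    catch {
        # Log the failing account and keep going with the next one.
        Write-Host "[ERROR] $dn : $($_.Exception.Message)" -ForegroundColor Red
    }
}
```

Reading both member lists once up front also removes the per-user directory lookups that make a loop like this slow on a large OU.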