PowerShell Fundamentals for System Admins
Adding or Removing AD Objects from Groups Using PowerShell
Using PowerShell to add a user or computer into an AD Group is fairly simple. You will use an “add” command, tell it to identify the group name, and then tell it to add the desired object to the group membership. For example, to add a workstation to a group, it should look something like this:
add-adgroupmember -identity YourGroupName -Members WorkstationName
The command above can be used for users as well; just insert the username instead of the workstation name after the “-Members” parameter.
To remove from a group, the command is very similar (with one exception at the end*):
remove-adgroupmember -identity YourGroupName -Members WorkstationName -confirm:$false
*By default, this cmdlet has the Confirm parameter set, which prompts you to confirm before a removal of the specified object type can occur. To bypass prompting for confirmation before removal, you can specify -Confirm:$False when using this cmdlet. (1)
The examples above are pretty straightforward, but what if you want to do this in bulk? If you have a working list of users or computers that you would like to add or remove from an AD group, you can do this in bulk using PowerShell. This one is a little more complicated, as we will be using a loop statement to take action on each item from your list.
***Keep in mind, this command will take action and make changes based on what you tell it. It is important to test your command to ensure that it is correct and verify that it functions as intended. For example, if there is a typo in your group name, you may end up with a bunch of users in the wrong group. Make sure that you run a controlled test on a small group before implementing mass changes to your environment. I always recommend running actionable commands in batches. If there are any issues, this gives you time to mitigate issues before they are applied to your entire data set.
Start by running PowerShell ISE as an administrator.
Identify your file path for the text or csv file containing your list, as you will need to import the file into the command using that path.
Now, in order to run this command, we are going to have to establish variables. If you are not familiar with using variables, I would recommend reviewing this article to learn what they are and how they can be utilized in PowerShell.
We also need to establish the loop statement. To do so, we are going to utilize a “ForEach” command. If you are not familiar with loops, here is a great beginner article that explains how they can be utilized with PowerShell.
Within our loop, we are using the “echo” command, which tells PowerShell to grab that variable value and use it moving forward.
Then, we will run the same command example from above. The command will loop through until it completes the action for each item on the list. Putting it all together will look something like this:
To Add to Groups:
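# Import the list; the CSV must have a column header named "Workstations"
$Workstations = Import-CSV -Path "C:\Username\workstations.csv"
ForEach ($WS in $Workstations)
{
    # Computer accounts carry a trailing '$' in their account name
    $WSName = $WS.Workstations + '$'
    # Show the row currently being processed
    echo $WS
    Add-ADGroupMember -Identity YourGroupName -Members $WSName
}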
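To Remove from Groups:
# Import the list; the CSV must have a column header named "Workstations"
$Workstations = Import-CSV -Path "C:\Username\workstations.csv"
ForEach ($WS in $Workstations)
{
    # Computer accounts carry a trailing '$' in their account name
    $WSName = $WS.Workstations + '$'
    # Show the row currently being processed
    echo $WS
    # -Confirm:$false suppresses the per-item confirmation prompt
    Remove-ADGroupMember -Identity YourGroupName -Members $WSName -Confirm:$false
}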
As stated before, the command essentially works the same way for adding or removing users as well. Keep in mind that you can name your variables however you see fit.
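The following is an added example, not part of the original article, showing one way to apply the testing and batching advice above: it checks that the group and each computer exist before changing anything, supports a dry run through -WhatIf, and records failures per item. The variable names, the batch size of 10 and the status labels are assumptions for illustration; the group name, path and "Workstations" column are the placeholders used earlier.

```powershell
Import-Module ActiveDirectory

$GroupName = 'YourGroupName'                  # placeholder, as in the examples above
$CsvPath   = 'C:\Username\workstations.csv'   # same sample path as above
$DryRun    = $true                            # set to $false once the dry-run output looks right
$BatchSize = 10                               # hypothetical batch size for a controlled test

# Fail before touching anything if the group name is mistyped or missing.
$Group = Get-ADGroup -Identity $GroupName -ErrorAction Stop

# Take only the first batch of rows from the list.
$Rows = @(Import-Csv -Path $CsvPath | Select-Object -First $BatchSize)

$Results = foreach ($Row in $Rows) {
    $Name = "$($Row.Workstations)".Trim()
    if (-not $Name) { continue }              # skip blank lines in the CSV

    try {
        # Resolve the computer first so a typo is reported instead of guessed at.
        $Computer = Get-ADComputer -Identity ($Name + '$') -ErrorAction Stop

        # With -WhatIf:$true the cmdlet only reports what it would change.
        Add-ADGroupMember -Identity $Group -Members $Computer `
            -WhatIf:$DryRun -ErrorAction Stop

        $Status = if ($DryRun) { 'WouldAdd' } else { 'Added' }
        [pscustomobject]@{ Workstation = $Name; Status = $Status; Detail = '' }
    }
    catch {
        # Record the failure and keep going with the rest of the batch.
        [pscustomobject]@{
            Workstation = $Name
            Status      = 'Failed'
            Detail      = $_.Exception.Message
        }
    }
}

# Review the outcome of this batch before raising $BatchSize or disabling $DryRun.
$Results | Format-Table -AutoSize
```

After a real run, Get-ADGroupMember -Identity YourGroupName lists the resulting membership so it can be compared against the CSV.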
Reference
Active Directory. (2022). In Microsoft. Retrieved from https://learn.microsoft.com/en-us/powershell/module/activedirectory/?view=windowsserver2022-ps
Castillote, J. (2020, January 23). Back to Basics: The PowerShell Foreach Loop. In ATALearning. Retrieved from https://adamtheautomator.com/powershell-foreach/#:~:text=foreach%20is%20an%20internal%20PowerShell,each%20element%20in%20the%20array
(1) Remove-ADGroupMember. (2022). In Microsoft. Retrieved from https://learn.microsoft.com/en-us/powershell/module/activedirectory/remove-adgroupmember?view=windowsserver2022-ps
Wheeler, S., & Lombardi, M. (2022, September 19). about_Variables. In Microsoft. Retrieved October 7, 2022, from https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_variables?view=powershell-7.2