Recently I needed a script that would take all the users that exist in an OU and put them in an Active Directory group. I came up with this script.
To use it, simply change the variables for $GroupName and $SearchBaseNames. You can have only one OU, or add as many OUs as you want in this one, or change it to just one line. Just make sure you have the PowerShell continue line backtick (character left of the #1 on a standard US keyboard) at the end of each line except the last.
At a minimum, you will need to have read permission to the OUs and for the group, you can either have the modify the membership of a group permission delegated to you, or be the group manager.
#############################################################
# #
# List all users in OU #
# Add these users to a group #
# Author: Jacki Moody #
# https://techtips.tv #
# #
#############################################################
$GroupName = "GroupToAddUsersTo"
$SearchBaseNames = `
"ou=Staff,ou=HR,dc=yourdomain,dc=yourtld",`
"ou=External,dc=yourdomain,dc=yourtld",`
"ou=Security,dc=dcps,dc=duval,dc=us",`
"ou=Service Accounts,dc=dcps,dc=duval,dc=us",`
"cn=Users,dc=dcps,dc=duval,dc=us"
foreach ($SearchBaseName in $SearchBaseNames)
{
$OUUsers = Get-ADUser -Filter * -SearchBase $SearchBaseName | Select-Object samAccountName
foreach ($OUUser in $OUUsers)
{
Try
{
{Add-ADGroupMember -Identity $GroupName -Members $OUUser.samAccountName}
}
Catch
{
}
}
}